xref: /openbmc/qemu/hw/net/virtio-net.c (revision 4a9b31b8)
1 /*
2  * Virtio Network Device
3  *
4  * Copyright IBM, Corp. 2007
5  *
6  * Authors:
7  *  Anthony Liguori   <aliguori@us.ibm.com>
8  *
9  * This work is licensed under the terms of the GNU GPL, version 2.  See
10  * the COPYING file in the top-level directory.
11  *
12  */
13 
14 #include "qemu/osdep.h"
15 #include "qemu/iov.h"
16 #include "hw/virtio/virtio.h"
17 #include "net/net.h"
18 #include "net/checksum.h"
19 #include "net/tap.h"
20 #include "qemu/error-report.h"
21 #include "qemu/timer.h"
22 #include "hw/virtio/virtio-net.h"
23 #include "net/vhost_net.h"
24 #include "hw/virtio/virtio-bus.h"
25 #include "qapi/error.h"
26 #include "qapi/qapi-events-net.h"
27 #include "hw/virtio/virtio-access.h"
28 #include "migration/misc.h"
29 #include "standard-headers/linux/ethtool.h"
30 
31 #define VIRTIO_NET_VM_VERSION    11
32 
33 #define MAC_TABLE_ENTRIES    64
34 #define MAX_VLAN    (1 << 12)   /* Per 802.1Q definition */
35 
36 /* previously fixed value */
37 #define VIRTIO_NET_RX_QUEUE_DEFAULT_SIZE 256
38 #define VIRTIO_NET_TX_QUEUE_DEFAULT_SIZE 256
39 
40 /* for now, only allow larger queues; with virtio-1, guest can downsize */
41 #define VIRTIO_NET_RX_QUEUE_MIN_SIZE VIRTIO_NET_RX_QUEUE_DEFAULT_SIZE
42 #define VIRTIO_NET_TX_QUEUE_MIN_SIZE VIRTIO_NET_TX_QUEUE_DEFAULT_SIZE
43 
44 /*
45  * Calculate the number of bytes up to and including the given 'field' of
46  * 'container'.
47  */
48 #define endof(container, field) \
49     (offsetof(container, field) + sizeof_field(container, field))
50 
51 typedef struct VirtIOFeature {
52     uint64_t flags;
53     size_t end;
54 } VirtIOFeature;
55 
56 static VirtIOFeature feature_sizes[] = {
57     {.flags = 1ULL << VIRTIO_NET_F_MAC,
58      .end = endof(struct virtio_net_config, mac)},
59     {.flags = 1ULL << VIRTIO_NET_F_STATUS,
60      .end = endof(struct virtio_net_config, status)},
61     {.flags = 1ULL << VIRTIO_NET_F_MQ,
62      .end = endof(struct virtio_net_config, max_virtqueue_pairs)},
63     {.flags = 1ULL << VIRTIO_NET_F_MTU,
64      .end = endof(struct virtio_net_config, mtu)},
65     {.flags = 1ULL << VIRTIO_NET_F_SPEED_DUPLEX,
66      .end = endof(struct virtio_net_config, duplex)},
67     {}
68 };
69 
70 static VirtIONetQueue *virtio_net_get_subqueue(NetClientState *nc)
71 {
72     VirtIONet *n = qemu_get_nic_opaque(nc);
73 
74     return &n->vqs[nc->queue_index];
75 }
76 
77 static int vq2q(int queue_index)
78 {
79     return queue_index / 2;
80 }
81 
82 /* TODO
83  * - we could suppress RX interrupt if we were so inclined.
84  */
85 
86 static void virtio_net_get_config(VirtIODevice *vdev, uint8_t *config)
87 {
88     VirtIONet *n = VIRTIO_NET(vdev);
89     struct virtio_net_config netcfg;
90 
91     virtio_stw_p(vdev, &netcfg.status, n->status);
92     virtio_stw_p(vdev, &netcfg.max_virtqueue_pairs, n->max_queues);
93     virtio_stw_p(vdev, &netcfg.mtu, n->net_conf.mtu);
94     memcpy(netcfg.mac, n->mac, ETH_ALEN);
95     virtio_stl_p(vdev, &netcfg.speed, n->net_conf.speed);
96     netcfg.duplex = n->net_conf.duplex;
97     memcpy(config, &netcfg, n->config_size);
98 }
99 
100 static void virtio_net_set_config(VirtIODevice *vdev, const uint8_t *config)
101 {
102     VirtIONet *n = VIRTIO_NET(vdev);
103     struct virtio_net_config netcfg = {};
104 
105     memcpy(&netcfg, config, n->config_size);
106 
107     if (!virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_MAC_ADDR) &&
108         !virtio_vdev_has_feature(vdev, VIRTIO_F_VERSION_1) &&
109         memcmp(netcfg.mac, n->mac, ETH_ALEN)) {
110         memcpy(n->mac, netcfg.mac, ETH_ALEN);
111         qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac);
112     }
113 }
114 
115 static bool virtio_net_started(VirtIONet *n, uint8_t status)
116 {
117     VirtIODevice *vdev = VIRTIO_DEVICE(n);
118     return (status & VIRTIO_CONFIG_S_DRIVER_OK) &&
119         (n->status & VIRTIO_NET_S_LINK_UP) && vdev->vm_running;
120 }
121 
122 static void virtio_net_announce_timer(void *opaque)
123 {
124     VirtIONet *n = opaque;
125     VirtIODevice *vdev = VIRTIO_DEVICE(n);
126 
127     n->announce_counter--;
128     n->status |= VIRTIO_NET_S_ANNOUNCE;
129     virtio_notify_config(vdev);
130 }
131 
132 static void virtio_net_vhost_status(VirtIONet *n, uint8_t status)
133 {
134     VirtIODevice *vdev = VIRTIO_DEVICE(n);
135     NetClientState *nc = qemu_get_queue(n->nic);
136     int queues = n->multiqueue ? n->max_queues : 1;
137 
138     if (!get_vhost_net(nc->peer)) {
139         return;
140     }
141 
142     if ((virtio_net_started(n, status) && !nc->peer->link_down) ==
143         !!n->vhost_started) {
144         return;
145     }
146     if (!n->vhost_started) {
147         int r, i;
148 
149         if (n->needs_vnet_hdr_swap) {
150             error_report("backend does not support %s vnet headers; "
151                          "falling back on userspace virtio",
152                          virtio_is_big_endian(vdev) ? "BE" : "LE");
153             return;
154         }
155 
156         /* Any packets outstanding? Purge them to avoid touching rings
157          * when vhost is running.
158          */
159         for (i = 0;  i < queues; i++) {
160             NetClientState *qnc = qemu_get_subqueue(n->nic, i);
161 
162             /* Purge both directions: TX and RX. */
163             qemu_net_queue_purge(qnc->peer->incoming_queue, qnc);
164             qemu_net_queue_purge(qnc->incoming_queue, qnc->peer);
165         }
166 
167         if (virtio_has_feature(vdev->guest_features, VIRTIO_NET_F_MTU)) {
168             r = vhost_net_set_mtu(get_vhost_net(nc->peer), n->net_conf.mtu);
169             if (r < 0) {
170                 error_report("%uBytes MTU not supported by the backend",
171                              n->net_conf.mtu);
172 
173                 return;
174             }
175         }
176 
177         n->vhost_started = 1;
178         r = vhost_net_start(vdev, n->nic->ncs, queues);
179         if (r < 0) {
180             error_report("unable to start vhost net: %d: "
181                          "falling back on userspace virtio", -r);
182             n->vhost_started = 0;
183         }
184     } else {
185         vhost_net_stop(vdev, n->nic->ncs, queues);
186         n->vhost_started = 0;
187     }
188 }
189 
190 static int virtio_net_set_vnet_endian_one(VirtIODevice *vdev,
191                                           NetClientState *peer,
192                                           bool enable)
193 {
194     if (virtio_is_big_endian(vdev)) {
195         return qemu_set_vnet_be(peer, enable);
196     } else {
197         return qemu_set_vnet_le(peer, enable);
198     }
199 }
200 
201 static bool virtio_net_set_vnet_endian(VirtIODevice *vdev, NetClientState *ncs,
202                                        int queues, bool enable)
203 {
204     int i;
205 
206     for (i = 0; i < queues; i++) {
207         if (virtio_net_set_vnet_endian_one(vdev, ncs[i].peer, enable) < 0 &&
208             enable) {
209             while (--i >= 0) {
210                 virtio_net_set_vnet_endian_one(vdev, ncs[i].peer, false);
211             }
212 
213             return true;
214         }
215     }
216 
217     return false;
218 }
219 
220 static void virtio_net_vnet_endian_status(VirtIONet *n, uint8_t status)
221 {
222     VirtIODevice *vdev = VIRTIO_DEVICE(n);
223     int queues = n->multiqueue ? n->max_queues : 1;
224 
225     if (virtio_net_started(n, status)) {
226         /* Before using the device, we tell the network backend about the
227          * endianness to use when parsing vnet headers. If the backend
228          * can't do it, we fallback onto fixing the headers in the core
229          * virtio-net code.
230          */
231         n->needs_vnet_hdr_swap = virtio_net_set_vnet_endian(vdev, n->nic->ncs,
232                                                             queues, true);
233     } else if (virtio_net_started(n, vdev->status)) {
234         /* After using the device, we need to reset the network backend to
235          * the default (guest native endianness), otherwise the guest may
236          * lose network connectivity if it is rebooted into a different
237          * endianness.
238          */
239         virtio_net_set_vnet_endian(vdev, n->nic->ncs, queues, false);
240     }
241 }
242 
243 static void virtio_net_drop_tx_queue_data(VirtIODevice *vdev, VirtQueue *vq)
244 {
245     unsigned int dropped = virtqueue_drop_all(vq);
246     if (dropped) {
247         virtio_notify(vdev, vq);
248     }
249 }
250 
251 static void virtio_net_set_status(struct VirtIODevice *vdev, uint8_t status)
252 {
253     VirtIONet *n = VIRTIO_NET(vdev);
254     VirtIONetQueue *q;
255     int i;
256     uint8_t queue_status;
257 
258     virtio_net_vnet_endian_status(n, status);
259     virtio_net_vhost_status(n, status);
260 
261     for (i = 0; i < n->max_queues; i++) {
262         NetClientState *ncs = qemu_get_subqueue(n->nic, i);
263         bool queue_started;
264         q = &n->vqs[i];
265 
266         if ((!n->multiqueue && i != 0) || i >= n->curr_queues) {
267             queue_status = 0;
268         } else {
269             queue_status = status;
270         }
271         queue_started =
272             virtio_net_started(n, queue_status) && !n->vhost_started;
273 
274         if (queue_started) {
275             qemu_flush_queued_packets(ncs);
276         }
277 
278         if (!q->tx_waiting) {
279             continue;
280         }
281 
282         if (queue_started) {
283             if (q->tx_timer) {
284                 timer_mod(q->tx_timer,
285                                qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + n->tx_timeout);
286             } else {
287                 qemu_bh_schedule(q->tx_bh);
288             }
289         } else {
290             if (q->tx_timer) {
291                 timer_del(q->tx_timer);
292             } else {
293                 qemu_bh_cancel(q->tx_bh);
294             }
295             if ((n->status & VIRTIO_NET_S_LINK_UP) == 0 &&
296                 (queue_status & VIRTIO_CONFIG_S_DRIVER_OK) &&
297                 vdev->vm_running) {
298                 /* if tx is waiting we are likely have some packets in tx queue
299                  * and disabled notification */
300                 q->tx_waiting = 0;
301                 virtio_queue_set_notification(q->tx_vq, 1);
302                 virtio_net_drop_tx_queue_data(vdev, q->tx_vq);
303             }
304         }
305     }
306 }
307 
308 static void virtio_net_set_link_status(NetClientState *nc)
309 {
310     VirtIONet *n = qemu_get_nic_opaque(nc);
311     VirtIODevice *vdev = VIRTIO_DEVICE(n);
312     uint16_t old_status = n->status;
313 
314     if (nc->link_down)
315         n->status &= ~VIRTIO_NET_S_LINK_UP;
316     else
317         n->status |= VIRTIO_NET_S_LINK_UP;
318 
319     if (n->status != old_status)
320         virtio_notify_config(vdev);
321 
322     virtio_net_set_status(vdev, vdev->status);
323 }
324 
325 static void rxfilter_notify(NetClientState *nc)
326 {
327     VirtIONet *n = qemu_get_nic_opaque(nc);
328 
329     if (nc->rxfilter_notify_enabled) {
330         gchar *path = object_get_canonical_path(OBJECT(n->qdev));
331         qapi_event_send_nic_rx_filter_changed(!!n->netclient_name,
332                                               n->netclient_name, path);
333         g_free(path);
334 
335         /* disable event notification to avoid events flooding */
336         nc->rxfilter_notify_enabled = 0;
337     }
338 }
339 
340 static intList *get_vlan_table(VirtIONet *n)
341 {
342     intList *list, *entry;
343     int i, j;
344 
345     list = NULL;
346     for (i = 0; i < MAX_VLAN >> 5; i++) {
347         for (j = 0; n->vlans[i] && j <= 0x1f; j++) {
348             if (n->vlans[i] & (1U << j)) {
349                 entry = g_malloc0(sizeof(*entry));
350                 entry->value = (i << 5) + j;
351                 entry->next = list;
352                 list = entry;
353             }
354         }
355     }
356 
357     return list;
358 }
359 
360 static RxFilterInfo *virtio_net_query_rxfilter(NetClientState *nc)
361 {
362     VirtIONet *n = qemu_get_nic_opaque(nc);
363     VirtIODevice *vdev = VIRTIO_DEVICE(n);
364     RxFilterInfo *info;
365     strList *str_list, *entry;
366     int i;
367 
368     info = g_malloc0(sizeof(*info));
369     info->name = g_strdup(nc->name);
370     info->promiscuous = n->promisc;
371 
372     if (n->nouni) {
373         info->unicast = RX_STATE_NONE;
374     } else if (n->alluni) {
375         info->unicast = RX_STATE_ALL;
376     } else {
377         info->unicast = RX_STATE_NORMAL;
378     }
379 
380     if (n->nomulti) {
381         info->multicast = RX_STATE_NONE;
382     } else if (n->allmulti) {
383         info->multicast = RX_STATE_ALL;
384     } else {
385         info->multicast = RX_STATE_NORMAL;
386     }
387 
388     info->broadcast_allowed = n->nobcast;
389     info->multicast_overflow = n->mac_table.multi_overflow;
390     info->unicast_overflow = n->mac_table.uni_overflow;
391 
392     info->main_mac = qemu_mac_strdup_printf(n->mac);
393 
394     str_list = NULL;
395     for (i = 0; i < n->mac_table.first_multi; i++) {
396         entry = g_malloc0(sizeof(*entry));
397         entry->value = qemu_mac_strdup_printf(n->mac_table.macs + i * ETH_ALEN);
398         entry->next = str_list;
399         str_list = entry;
400     }
401     info->unicast_table = str_list;
402 
403     str_list = NULL;
404     for (i = n->mac_table.first_multi; i < n->mac_table.in_use; i++) {
405         entry = g_malloc0(sizeof(*entry));
406         entry->value = qemu_mac_strdup_printf(n->mac_table.macs + i * ETH_ALEN);
407         entry->next = str_list;
408         str_list = entry;
409     }
410     info->multicast_table = str_list;
411     info->vlan_table = get_vlan_table(n);
412 
413     if (!virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_VLAN)) {
414         info->vlan = RX_STATE_ALL;
415     } else if (!info->vlan_table) {
416         info->vlan = RX_STATE_NONE;
417     } else {
418         info->vlan = RX_STATE_NORMAL;
419     }
420 
421     /* enable event notification after query */
422     nc->rxfilter_notify_enabled = 1;
423 
424     return info;
425 }
426 
427 static void virtio_net_reset(VirtIODevice *vdev)
428 {
429     VirtIONet *n = VIRTIO_NET(vdev);
430     int i;
431 
432     /* Reset back to compatibility mode */
433     n->promisc = 1;
434     n->allmulti = 0;
435     n->alluni = 0;
436     n->nomulti = 0;
437     n->nouni = 0;
438     n->nobcast = 0;
439     /* multiqueue is disabled by default */
440     n->curr_queues = 1;
441     timer_del(n->announce_timer);
442     n->announce_counter = 0;
443     n->status &= ~VIRTIO_NET_S_ANNOUNCE;
444 
445     /* Flush any MAC and VLAN filter table state */
446     n->mac_table.in_use = 0;
447     n->mac_table.first_multi = 0;
448     n->mac_table.multi_overflow = 0;
449     n->mac_table.uni_overflow = 0;
450     memset(n->mac_table.macs, 0, MAC_TABLE_ENTRIES * ETH_ALEN);
451     memcpy(&n->mac[0], &n->nic->conf->macaddr, sizeof(n->mac));
452     qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac);
453     memset(n->vlans, 0, MAX_VLAN >> 3);
454 
455     /* Flush any async TX */
456     for (i = 0;  i < n->max_queues; i++) {
457         NetClientState *nc = qemu_get_subqueue(n->nic, i);
458 
459         if (nc->peer) {
460             qemu_flush_or_purge_queued_packets(nc->peer, true);
461             assert(!virtio_net_get_subqueue(nc)->async_tx.elem);
462         }
463     }
464 }
465 
466 static void peer_test_vnet_hdr(VirtIONet *n)
467 {
468     NetClientState *nc = qemu_get_queue(n->nic);
469     if (!nc->peer) {
470         return;
471     }
472 
473     n->has_vnet_hdr = qemu_has_vnet_hdr(nc->peer);
474 }
475 
476 static int peer_has_vnet_hdr(VirtIONet *n)
477 {
478     return n->has_vnet_hdr;
479 }
480 
481 static int peer_has_ufo(VirtIONet *n)
482 {
483     if (!peer_has_vnet_hdr(n))
484         return 0;
485 
486     n->has_ufo = qemu_has_ufo(qemu_get_queue(n->nic)->peer);
487 
488     return n->has_ufo;
489 }
490 
491 static void virtio_net_set_mrg_rx_bufs(VirtIONet *n, int mergeable_rx_bufs,
492                                        int version_1)
493 {
494     int i;
495     NetClientState *nc;
496 
497     n->mergeable_rx_bufs = mergeable_rx_bufs;
498 
499     if (version_1) {
500         n->guest_hdr_len = sizeof(struct virtio_net_hdr_mrg_rxbuf);
501     } else {
502         n->guest_hdr_len = n->mergeable_rx_bufs ?
503             sizeof(struct virtio_net_hdr_mrg_rxbuf) :
504             sizeof(struct virtio_net_hdr);
505     }
506 
507     for (i = 0; i < n->max_queues; i++) {
508         nc = qemu_get_subqueue(n->nic, i);
509 
510         if (peer_has_vnet_hdr(n) &&
511             qemu_has_vnet_hdr_len(nc->peer, n->guest_hdr_len)) {
512             qemu_set_vnet_hdr_len(nc->peer, n->guest_hdr_len);
513             n->host_hdr_len = n->guest_hdr_len;
514         }
515     }
516 }
517 
518 static int virtio_net_max_tx_queue_size(VirtIONet *n)
519 {
520     NetClientState *peer = n->nic_conf.peers.ncs[0];
521 
522     /*
523      * Backends other than vhost-user don't support max queue size.
524      */
525     if (!peer) {
526         return VIRTIO_NET_TX_QUEUE_DEFAULT_SIZE;
527     }
528 
529     if (peer->info->type != NET_CLIENT_DRIVER_VHOST_USER) {
530         return VIRTIO_NET_TX_QUEUE_DEFAULT_SIZE;
531     }
532 
533     return VIRTQUEUE_MAX_SIZE;
534 }
535 
536 static int peer_attach(VirtIONet *n, int index)
537 {
538     NetClientState *nc = qemu_get_subqueue(n->nic, index);
539 
540     if (!nc->peer) {
541         return 0;
542     }
543 
544     if (nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_USER) {
545         vhost_set_vring_enable(nc->peer, 1);
546     }
547 
548     if (nc->peer->info->type != NET_CLIENT_DRIVER_TAP) {
549         return 0;
550     }
551 
552     if (n->max_queues == 1) {
553         return 0;
554     }
555 
556     return tap_enable(nc->peer);
557 }
558 
559 static int peer_detach(VirtIONet *n, int index)
560 {
561     NetClientState *nc = qemu_get_subqueue(n->nic, index);
562 
563     if (!nc->peer) {
564         return 0;
565     }
566 
567     if (nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_USER) {
568         vhost_set_vring_enable(nc->peer, 0);
569     }
570 
571     if (nc->peer->info->type !=  NET_CLIENT_DRIVER_TAP) {
572         return 0;
573     }
574 
575     return tap_disable(nc->peer);
576 }
577 
578 static void virtio_net_set_queues(VirtIONet *n)
579 {
580     int i;
581     int r;
582 
583     if (n->nic->peer_deleted) {
584         return;
585     }
586 
587     for (i = 0; i < n->max_queues; i++) {
588         if (i < n->curr_queues) {
589             r = peer_attach(n, i);
590             assert(!r);
591         } else {
592             r = peer_detach(n, i);
593             assert(!r);
594         }
595     }
596 }
597 
598 static void virtio_net_set_multiqueue(VirtIONet *n, int multiqueue);
599 
600 static uint64_t virtio_net_get_features(VirtIODevice *vdev, uint64_t features,
601                                         Error **errp)
602 {
603     VirtIONet *n = VIRTIO_NET(vdev);
604     NetClientState *nc = qemu_get_queue(n->nic);
605 
606     /* Firstly sync all virtio-net possible supported features */
607     features |= n->host_features;
608 
609     virtio_add_feature(&features, VIRTIO_NET_F_MAC);
610 
611     if (!peer_has_vnet_hdr(n)) {
612         virtio_clear_feature(&features, VIRTIO_NET_F_CSUM);
613         virtio_clear_feature(&features, VIRTIO_NET_F_HOST_TSO4);
614         virtio_clear_feature(&features, VIRTIO_NET_F_HOST_TSO6);
615         virtio_clear_feature(&features, VIRTIO_NET_F_HOST_ECN);
616 
617         virtio_clear_feature(&features, VIRTIO_NET_F_GUEST_CSUM);
618         virtio_clear_feature(&features, VIRTIO_NET_F_GUEST_TSO4);
619         virtio_clear_feature(&features, VIRTIO_NET_F_GUEST_TSO6);
620         virtio_clear_feature(&features, VIRTIO_NET_F_GUEST_ECN);
621     }
622 
623     if (!peer_has_vnet_hdr(n) || !peer_has_ufo(n)) {
624         virtio_clear_feature(&features, VIRTIO_NET_F_GUEST_UFO);
625         virtio_clear_feature(&features, VIRTIO_NET_F_HOST_UFO);
626     }
627 
628     if (!get_vhost_net(nc->peer)) {
629         return features;
630     }
631     features = vhost_net_get_features(get_vhost_net(nc->peer), features);
632     vdev->backend_features = features;
633 
634     if (n->mtu_bypass_backend &&
635             (n->host_features & 1ULL << VIRTIO_NET_F_MTU)) {
636         features |= (1ULL << VIRTIO_NET_F_MTU);
637     }
638 
639     return features;
640 }
641 
642 static uint64_t virtio_net_bad_features(VirtIODevice *vdev)
643 {
644     uint64_t features = 0;
645 
646     /* Linux kernel 2.6.25.  It understood MAC (as everyone must),
647      * but also these: */
648     virtio_add_feature(&features, VIRTIO_NET_F_MAC);
649     virtio_add_feature(&features, VIRTIO_NET_F_CSUM);
650     virtio_add_feature(&features, VIRTIO_NET_F_HOST_TSO4);
651     virtio_add_feature(&features, VIRTIO_NET_F_HOST_TSO6);
652     virtio_add_feature(&features, VIRTIO_NET_F_HOST_ECN);
653 
654     return features;
655 }
656 
657 static void virtio_net_apply_guest_offloads(VirtIONet *n)
658 {
659     qemu_set_offload(qemu_get_queue(n->nic)->peer,
660             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_CSUM)),
661             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_TSO4)),
662             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_TSO6)),
663             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_ECN)),
664             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_UFO)));
665 }
666 
667 static uint64_t virtio_net_guest_offloads_by_features(uint32_t features)
668 {
669     static const uint64_t guest_offloads_mask =
670         (1ULL << VIRTIO_NET_F_GUEST_CSUM) |
671         (1ULL << VIRTIO_NET_F_GUEST_TSO4) |
672         (1ULL << VIRTIO_NET_F_GUEST_TSO6) |
673         (1ULL << VIRTIO_NET_F_GUEST_ECN)  |
674         (1ULL << VIRTIO_NET_F_GUEST_UFO);
675 
676     return guest_offloads_mask & features;
677 }
678 
679 static inline uint64_t virtio_net_supported_guest_offloads(VirtIONet *n)
680 {
681     VirtIODevice *vdev = VIRTIO_DEVICE(n);
682     return virtio_net_guest_offloads_by_features(vdev->guest_features);
683 }
684 
685 static void virtio_net_set_features(VirtIODevice *vdev, uint64_t features)
686 {
687     VirtIONet *n = VIRTIO_NET(vdev);
688     int i;
689 
690     if (n->mtu_bypass_backend &&
691             !virtio_has_feature(vdev->backend_features, VIRTIO_NET_F_MTU)) {
692         features &= ~(1ULL << VIRTIO_NET_F_MTU);
693     }
694 
695     virtio_net_set_multiqueue(n,
696                               virtio_has_feature(features, VIRTIO_NET_F_MQ));
697 
698     virtio_net_set_mrg_rx_bufs(n,
699                                virtio_has_feature(features,
700                                                   VIRTIO_NET_F_MRG_RXBUF),
701                                virtio_has_feature(features,
702                                                   VIRTIO_F_VERSION_1));
703 
704     if (n->has_vnet_hdr) {
705         n->curr_guest_offloads =
706             virtio_net_guest_offloads_by_features(features);
707         virtio_net_apply_guest_offloads(n);
708     }
709 
710     for (i = 0;  i < n->max_queues; i++) {
711         NetClientState *nc = qemu_get_subqueue(n->nic, i);
712 
713         if (!get_vhost_net(nc->peer)) {
714             continue;
715         }
716         vhost_net_ack_features(get_vhost_net(nc->peer), features);
717     }
718 
719     if (virtio_has_feature(features, VIRTIO_NET_F_CTRL_VLAN)) {
720         memset(n->vlans, 0, MAX_VLAN >> 3);
721     } else {
722         memset(n->vlans, 0xff, MAX_VLAN >> 3);
723     }
724 }
725 
726 static int virtio_net_handle_rx_mode(VirtIONet *n, uint8_t cmd,
727                                      struct iovec *iov, unsigned int iov_cnt)
728 {
729     uint8_t on;
730     size_t s;
731     NetClientState *nc = qemu_get_queue(n->nic);
732 
733     s = iov_to_buf(iov, iov_cnt, 0, &on, sizeof(on));
734     if (s != sizeof(on)) {
735         return VIRTIO_NET_ERR;
736     }
737 
738     if (cmd == VIRTIO_NET_CTRL_RX_PROMISC) {
739         n->promisc = on;
740     } else if (cmd == VIRTIO_NET_CTRL_RX_ALLMULTI) {
741         n->allmulti = on;
742     } else if (cmd == VIRTIO_NET_CTRL_RX_ALLUNI) {
743         n->alluni = on;
744     } else if (cmd == VIRTIO_NET_CTRL_RX_NOMULTI) {
745         n->nomulti = on;
746     } else if (cmd == VIRTIO_NET_CTRL_RX_NOUNI) {
747         n->nouni = on;
748     } else if (cmd == VIRTIO_NET_CTRL_RX_NOBCAST) {
749         n->nobcast = on;
750     } else {
751         return VIRTIO_NET_ERR;
752     }
753 
754     rxfilter_notify(nc);
755 
756     return VIRTIO_NET_OK;
757 }
758 
759 static int virtio_net_handle_offloads(VirtIONet *n, uint8_t cmd,
760                                      struct iovec *iov, unsigned int iov_cnt)
761 {
762     VirtIODevice *vdev = VIRTIO_DEVICE(n);
763     uint64_t offloads;
764     size_t s;
765 
766     if (!virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_GUEST_OFFLOADS)) {
767         return VIRTIO_NET_ERR;
768     }
769 
770     s = iov_to_buf(iov, iov_cnt, 0, &offloads, sizeof(offloads));
771     if (s != sizeof(offloads)) {
772         return VIRTIO_NET_ERR;
773     }
774 
775     if (cmd == VIRTIO_NET_CTRL_GUEST_OFFLOADS_SET) {
776         uint64_t supported_offloads;
777 
778         offloads = virtio_ldq_p(vdev, &offloads);
779 
780         if (!n->has_vnet_hdr) {
781             return VIRTIO_NET_ERR;
782         }
783 
784         supported_offloads = virtio_net_supported_guest_offloads(n);
785         if (offloads & ~supported_offloads) {
786             return VIRTIO_NET_ERR;
787         }
788 
789         n->curr_guest_offloads = offloads;
790         virtio_net_apply_guest_offloads(n);
791 
792         return VIRTIO_NET_OK;
793     } else {
794         return VIRTIO_NET_ERR;
795     }
796 }
797 
798 static int virtio_net_handle_mac(VirtIONet *n, uint8_t cmd,
799                                  struct iovec *iov, unsigned int iov_cnt)
800 {
801     VirtIODevice *vdev = VIRTIO_DEVICE(n);
802     struct virtio_net_ctrl_mac mac_data;
803     size_t s;
804     NetClientState *nc = qemu_get_queue(n->nic);
805 
806     if (cmd == VIRTIO_NET_CTRL_MAC_ADDR_SET) {
807         if (iov_size(iov, iov_cnt) != sizeof(n->mac)) {
808             return VIRTIO_NET_ERR;
809         }
810         s = iov_to_buf(iov, iov_cnt, 0, &n->mac, sizeof(n->mac));
811         assert(s == sizeof(n->mac));
812         qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac);
813         rxfilter_notify(nc);
814 
815         return VIRTIO_NET_OK;
816     }
817 
818     if (cmd != VIRTIO_NET_CTRL_MAC_TABLE_SET) {
819         return VIRTIO_NET_ERR;
820     }
821 
822     int in_use = 0;
823     int first_multi = 0;
824     uint8_t uni_overflow = 0;
825     uint8_t multi_overflow = 0;
826     uint8_t *macs = g_malloc0(MAC_TABLE_ENTRIES * ETH_ALEN);
827 
828     s = iov_to_buf(iov, iov_cnt, 0, &mac_data.entries,
829                    sizeof(mac_data.entries));
830     mac_data.entries = virtio_ldl_p(vdev, &mac_data.entries);
831     if (s != sizeof(mac_data.entries)) {
832         goto error;
833     }
834     iov_discard_front(&iov, &iov_cnt, s);
835 
836     if (mac_data.entries * ETH_ALEN > iov_size(iov, iov_cnt)) {
837         goto error;
838     }
839 
840     if (mac_data.entries <= MAC_TABLE_ENTRIES) {
841         s = iov_to_buf(iov, iov_cnt, 0, macs,
842                        mac_data.entries * ETH_ALEN);
843         if (s != mac_data.entries * ETH_ALEN) {
844             goto error;
845         }
846         in_use += mac_data.entries;
847     } else {
848         uni_overflow = 1;
849     }
850 
851     iov_discard_front(&iov, &iov_cnt, mac_data.entries * ETH_ALEN);
852 
853     first_multi = in_use;
854 
855     s = iov_to_buf(iov, iov_cnt, 0, &mac_data.entries,
856                    sizeof(mac_data.entries));
857     mac_data.entries = virtio_ldl_p(vdev, &mac_data.entries);
858     if (s != sizeof(mac_data.entries)) {
859         goto error;
860     }
861 
862     iov_discard_front(&iov, &iov_cnt, s);
863 
864     if (mac_data.entries * ETH_ALEN != iov_size(iov, iov_cnt)) {
865         goto error;
866     }
867 
868     if (mac_data.entries <= MAC_TABLE_ENTRIES - in_use) {
869         s = iov_to_buf(iov, iov_cnt, 0, &macs[in_use * ETH_ALEN],
870                        mac_data.entries * ETH_ALEN);
871         if (s != mac_data.entries * ETH_ALEN) {
872             goto error;
873         }
874         in_use += mac_data.entries;
875     } else {
876         multi_overflow = 1;
877     }
878 
879     n->mac_table.in_use = in_use;
880     n->mac_table.first_multi = first_multi;
881     n->mac_table.uni_overflow = uni_overflow;
882     n->mac_table.multi_overflow = multi_overflow;
883     memcpy(n->mac_table.macs, macs, MAC_TABLE_ENTRIES * ETH_ALEN);
884     g_free(macs);
885     rxfilter_notify(nc);
886 
887     return VIRTIO_NET_OK;
888 
889 error:
890     g_free(macs);
891     return VIRTIO_NET_ERR;
892 }
893 
894 static int virtio_net_handle_vlan_table(VirtIONet *n, uint8_t cmd,
895                                         struct iovec *iov, unsigned int iov_cnt)
896 {
897     VirtIODevice *vdev = VIRTIO_DEVICE(n);
898     uint16_t vid;
899     size_t s;
900     NetClientState *nc = qemu_get_queue(n->nic);
901 
902     s = iov_to_buf(iov, iov_cnt, 0, &vid, sizeof(vid));
903     vid = virtio_lduw_p(vdev, &vid);
904     if (s != sizeof(vid)) {
905         return VIRTIO_NET_ERR;
906     }
907 
908     if (vid >= MAX_VLAN)
909         return VIRTIO_NET_ERR;
910 
911     if (cmd == VIRTIO_NET_CTRL_VLAN_ADD)
912         n->vlans[vid >> 5] |= (1U << (vid & 0x1f));
913     else if (cmd == VIRTIO_NET_CTRL_VLAN_DEL)
914         n->vlans[vid >> 5] &= ~(1U << (vid & 0x1f));
915     else
916         return VIRTIO_NET_ERR;
917 
918     rxfilter_notify(nc);
919 
920     return VIRTIO_NET_OK;
921 }
922 
923 static int virtio_net_handle_announce(VirtIONet *n, uint8_t cmd,
924                                       struct iovec *iov, unsigned int iov_cnt)
925 {
926     if (cmd == VIRTIO_NET_CTRL_ANNOUNCE_ACK &&
927         n->status & VIRTIO_NET_S_ANNOUNCE) {
928         n->status &= ~VIRTIO_NET_S_ANNOUNCE;
929         if (n->announce_counter) {
930             timer_mod(n->announce_timer,
931                       qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) +
932                       self_announce_delay(n->announce_counter));
933         }
934         return VIRTIO_NET_OK;
935     } else {
936         return VIRTIO_NET_ERR;
937     }
938 }
939 
940 static int virtio_net_handle_mq(VirtIONet *n, uint8_t cmd,
941                                 struct iovec *iov, unsigned int iov_cnt)
942 {
943     VirtIODevice *vdev = VIRTIO_DEVICE(n);
944     struct virtio_net_ctrl_mq mq;
945     size_t s;
946     uint16_t queues;
947 
948     s = iov_to_buf(iov, iov_cnt, 0, &mq, sizeof(mq));
949     if (s != sizeof(mq)) {
950         return VIRTIO_NET_ERR;
951     }
952 
953     if (cmd != VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET) {
954         return VIRTIO_NET_ERR;
955     }
956 
957     queues = virtio_lduw_p(vdev, &mq.virtqueue_pairs);
958 
959     if (queues < VIRTIO_NET_CTRL_MQ_VQ_PAIRS_MIN ||
960         queues > VIRTIO_NET_CTRL_MQ_VQ_PAIRS_MAX ||
961         queues > n->max_queues ||
962         !n->multiqueue) {
963         return VIRTIO_NET_ERR;
964     }
965 
966     n->curr_queues = queues;
967     /* stop the backend before changing the number of queues to avoid handling a
968      * disabled queue */
969     virtio_net_set_status(vdev, vdev->status);
970     virtio_net_set_queues(n);
971 
972     return VIRTIO_NET_OK;
973 }
974 
975 static void virtio_net_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
976 {
977     VirtIONet *n = VIRTIO_NET(vdev);
978     struct virtio_net_ctrl_hdr ctrl;
979     virtio_net_ctrl_ack status = VIRTIO_NET_ERR;
980     VirtQueueElement *elem;
981     size_t s;
982     struct iovec *iov, *iov2;
983     unsigned int iov_cnt;
984 
985     for (;;) {
986         elem = virtqueue_pop(vq, sizeof(VirtQueueElement));
987         if (!elem) {
988             break;
989         }
990         if (iov_size(elem->in_sg, elem->in_num) < sizeof(status) ||
991             iov_size(elem->out_sg, elem->out_num) < sizeof(ctrl)) {
992             virtio_error(vdev, "virtio-net ctrl missing headers");
993             virtqueue_detach_element(vq, elem, 0);
994             g_free(elem);
995             break;
996         }
997 
998         iov_cnt = elem->out_num;
999         iov2 = iov = g_memdup(elem->out_sg, sizeof(struct iovec) * elem->out_num);
1000         s = iov_to_buf(iov, iov_cnt, 0, &ctrl, sizeof(ctrl));
1001         iov_discard_front(&iov, &iov_cnt, sizeof(ctrl));
1002         if (s != sizeof(ctrl)) {
1003             status = VIRTIO_NET_ERR;
1004         } else if (ctrl.class == VIRTIO_NET_CTRL_RX) {
1005             status = virtio_net_handle_rx_mode(n, ctrl.cmd, iov, iov_cnt);
1006         } else if (ctrl.class == VIRTIO_NET_CTRL_MAC) {
1007             status = virtio_net_handle_mac(n, ctrl.cmd, iov, iov_cnt);
1008         } else if (ctrl.class == VIRTIO_NET_CTRL_VLAN) {
1009             status = virtio_net_handle_vlan_table(n, ctrl.cmd, iov, iov_cnt);
1010         } else if (ctrl.class == VIRTIO_NET_CTRL_ANNOUNCE) {
1011             status = virtio_net_handle_announce(n, ctrl.cmd, iov, iov_cnt);
1012         } else if (ctrl.class == VIRTIO_NET_CTRL_MQ) {
1013             status = virtio_net_handle_mq(n, ctrl.cmd, iov, iov_cnt);
1014         } else if (ctrl.class == VIRTIO_NET_CTRL_GUEST_OFFLOADS) {
1015             status = virtio_net_handle_offloads(n, ctrl.cmd, iov, iov_cnt);
1016         }
1017 
1018         s = iov_from_buf(elem->in_sg, elem->in_num, 0, &status, sizeof(status));
1019         assert(s == sizeof(status));
1020 
1021         virtqueue_push(vq, elem, sizeof(status));
1022         virtio_notify(vdev, vq);
1023         g_free(iov2);
1024         g_free(elem);
1025     }
1026 }
1027 
1028 /* RX */
1029 
1030 static void virtio_net_handle_rx(VirtIODevice *vdev, VirtQueue *vq)
1031 {
1032     VirtIONet *n = VIRTIO_NET(vdev);
1033     int queue_index = vq2q(virtio_get_queue_index(vq));
1034 
1035     qemu_flush_queued_packets(qemu_get_subqueue(n->nic, queue_index));
1036 }
1037 
1038 static int virtio_net_can_receive(NetClientState *nc)
1039 {
1040     VirtIONet *n = qemu_get_nic_opaque(nc);
1041     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1042     VirtIONetQueue *q = virtio_net_get_subqueue(nc);
1043 
1044     if (!vdev->vm_running) {
1045         return 0;
1046     }
1047 
1048     if (nc->queue_index >= n->curr_queues) {
1049         return 0;
1050     }
1051 
1052     if (!virtio_queue_ready(q->rx_vq) ||
1053         !(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
1054         return 0;
1055     }
1056 
1057     return 1;
1058 }
1059 
1060 static int virtio_net_has_buffers(VirtIONetQueue *q, int bufsize)
1061 {
1062     VirtIONet *n = q->n;
1063     if (virtio_queue_empty(q->rx_vq) ||
1064         (n->mergeable_rx_bufs &&
1065          !virtqueue_avail_bytes(q->rx_vq, bufsize, 0))) {
1066         virtio_queue_set_notification(q->rx_vq, 1);
1067 
1068         /* To avoid a race condition where the guest has made some buffers
1069          * available after the above check but before notification was
1070          * enabled, check for available buffers again.
1071          */
1072         if (virtio_queue_empty(q->rx_vq) ||
1073             (n->mergeable_rx_bufs &&
1074              !virtqueue_avail_bytes(q->rx_vq, bufsize, 0))) {
1075             return 0;
1076         }
1077     }
1078 
1079     virtio_queue_set_notification(q->rx_vq, 0);
1080     return 1;
1081 }
1082 
1083 static void virtio_net_hdr_swap(VirtIODevice *vdev, struct virtio_net_hdr *hdr)
1084 {
1085     virtio_tswap16s(vdev, &hdr->hdr_len);
1086     virtio_tswap16s(vdev, &hdr->gso_size);
1087     virtio_tswap16s(vdev, &hdr->csum_start);
1088     virtio_tswap16s(vdev, &hdr->csum_offset);
1089 }
1090 
1091 /* dhclient uses AF_PACKET but doesn't pass auxdata to the kernel so
1092  * it never finds out that the packets don't have valid checksums.  This
1093  * causes dhclient to get upset.  Fedora's carried a patch for ages to
1094  * fix this with Xen but it hasn't appeared in an upstream release of
1095  * dhclient yet.
1096  *
1097  * To avoid breaking existing guests, we catch udp packets and add
1098  * checksums.  This is terrible but it's better than hacking the guest
1099  * kernels.
1100  *
1101  * N.B. if we introduce a zero-copy API, this operation is no longer free so
1102  * we should provide a mechanism to disable it to avoid polluting the host
1103  * cache.
1104  */
1105 static void work_around_broken_dhclient(struct virtio_net_hdr *hdr,
1106                                         uint8_t *buf, size_t size)
1107 {
1108     if ((hdr->flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) && /* missing csum */
1109         (size > 27 && size < 1500) && /* normal sized MTU */
1110         (buf[12] == 0x08 && buf[13] == 0x00) && /* ethertype == IPv4 */
1111         (buf[23] == 17) && /* ip.protocol == UDP */
1112         (buf[34] == 0 && buf[35] == 67)) { /* udp.srcport == bootps */
1113         net_checksum_calculate(buf, size);
1114         hdr->flags &= ~VIRTIO_NET_HDR_F_NEEDS_CSUM;
1115     }
1116 }
1117 
1118 static void receive_header(VirtIONet *n, const struct iovec *iov, int iov_cnt,
1119                            const void *buf, size_t size)
1120 {
1121     if (n->has_vnet_hdr) {
1122         /* FIXME this cast is evil */
1123         void *wbuf = (void *)buf;
1124         work_around_broken_dhclient(wbuf, wbuf + n->host_hdr_len,
1125                                     size - n->host_hdr_len);
1126 
1127         if (n->needs_vnet_hdr_swap) {
1128             virtio_net_hdr_swap(VIRTIO_DEVICE(n), wbuf);
1129         }
1130         iov_from_buf(iov, iov_cnt, 0, buf, sizeof(struct virtio_net_hdr));
1131     } else {
1132         struct virtio_net_hdr hdr = {
1133             .flags = 0,
1134             .gso_type = VIRTIO_NET_HDR_GSO_NONE
1135         };
1136         iov_from_buf(iov, iov_cnt, 0, &hdr, sizeof hdr);
1137     }
1138 }
1139 
1140 static int receive_filter(VirtIONet *n, const uint8_t *buf, int size)
1141 {
1142     static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
1143     static const uint8_t vlan[] = {0x81, 0x00};
1144     uint8_t *ptr = (uint8_t *)buf;
1145     int i;
1146 
1147     if (n->promisc)
1148         return 1;
1149 
1150     ptr += n->host_hdr_len;
1151 
1152     if (!memcmp(&ptr[12], vlan, sizeof(vlan))) {
1153         int vid = lduw_be_p(ptr + 14) & 0xfff;
1154         if (!(n->vlans[vid >> 5] & (1U << (vid & 0x1f))))
1155             return 0;
1156     }
1157 
1158     if (ptr[0] & 1) { // multicast
1159         if (!memcmp(ptr, bcast, sizeof(bcast))) {
1160             return !n->nobcast;
1161         } else if (n->nomulti) {
1162             return 0;
1163         } else if (n->allmulti || n->mac_table.multi_overflow) {
1164             return 1;
1165         }
1166 
1167         for (i = n->mac_table.first_multi; i < n->mac_table.in_use; i++) {
1168             if (!memcmp(ptr, &n->mac_table.macs[i * ETH_ALEN], ETH_ALEN)) {
1169                 return 1;
1170             }
1171         }
1172     } else { // unicast
1173         if (n->nouni) {
1174             return 0;
1175         } else if (n->alluni || n->mac_table.uni_overflow) {
1176             return 1;
1177         } else if (!memcmp(ptr, n->mac, ETH_ALEN)) {
1178             return 1;
1179         }
1180 
1181         for (i = 0; i < n->mac_table.first_multi; i++) {
1182             if (!memcmp(ptr, &n->mac_table.macs[i * ETH_ALEN], ETH_ALEN)) {
1183                 return 1;
1184             }
1185         }
1186     }
1187 
1188     return 0;
1189 }
1190 
1191 static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf,
1192                                       size_t size)
1193 {
1194     VirtIONet *n = qemu_get_nic_opaque(nc);
1195     VirtIONetQueue *q = virtio_net_get_subqueue(nc);
1196     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1197     struct iovec mhdr_sg[VIRTQUEUE_MAX_SIZE];
1198     struct virtio_net_hdr_mrg_rxbuf mhdr;
1199     unsigned mhdr_cnt = 0;
1200     size_t offset, i, guest_offset;
1201 
1202     if (!virtio_net_can_receive(nc)) {
1203         return -1;
1204     }
1205 
1206     /* hdr_len refers to the header we supply to the guest */
1207     if (!virtio_net_has_buffers(q, size + n->guest_hdr_len - n->host_hdr_len)) {
1208         return 0;
1209     }
1210 
1211     if (!receive_filter(n, buf, size))
1212         return size;
1213 
1214     offset = i = 0;
1215 
1216     while (offset < size) {
1217         VirtQueueElement *elem;
1218         int len, total;
1219         const struct iovec *sg;
1220 
1221         total = 0;
1222 
1223         elem = virtqueue_pop(q->rx_vq, sizeof(VirtQueueElement));
1224         if (!elem) {
1225             if (i) {
1226                 virtio_error(vdev, "virtio-net unexpected empty queue: "
1227                              "i %zd mergeable %d offset %zd, size %zd, "
1228                              "guest hdr len %zd, host hdr len %zd "
1229                              "guest features 0x%" PRIx64,
1230                              i, n->mergeable_rx_bufs, offset, size,
1231                              n->guest_hdr_len, n->host_hdr_len,
1232                              vdev->guest_features);
1233             }
1234             return -1;
1235         }
1236 
1237         if (elem->in_num < 1) {
1238             virtio_error(vdev,
1239                          "virtio-net receive queue contains no in buffers");
1240             virtqueue_detach_element(q->rx_vq, elem, 0);
1241             g_free(elem);
1242             return -1;
1243         }
1244 
1245         sg = elem->in_sg;
1246         if (i == 0) {
1247             assert(offset == 0);
1248             if (n->mergeable_rx_bufs) {
1249                 mhdr_cnt = iov_copy(mhdr_sg, ARRAY_SIZE(mhdr_sg),
1250                                     sg, elem->in_num,
1251                                     offsetof(typeof(mhdr), num_buffers),
1252                                     sizeof(mhdr.num_buffers));
1253             }
1254 
1255             receive_header(n, sg, elem->in_num, buf, size);
1256             offset = n->host_hdr_len;
1257             total += n->guest_hdr_len;
1258             guest_offset = n->guest_hdr_len;
1259         } else {
1260             guest_offset = 0;
1261         }
1262 
1263         /* copy in packet.  ugh */
1264         len = iov_from_buf(sg, elem->in_num, guest_offset,
1265                            buf + offset, size - offset);
1266         total += len;
1267         offset += len;
1268         /* If buffers can't be merged, at this point we
1269          * must have consumed the complete packet.
1270          * Otherwise, drop it. */
1271         if (!n->mergeable_rx_bufs && offset < size) {
1272             virtqueue_unpop(q->rx_vq, elem, total);
1273             g_free(elem);
1274             return size;
1275         }
1276 
1277         /* signal other side */
1278         virtqueue_fill(q->rx_vq, elem, total, i++);
1279         g_free(elem);
1280     }
1281 
1282     if (mhdr_cnt) {
1283         virtio_stw_p(vdev, &mhdr.num_buffers, i);
1284         iov_from_buf(mhdr_sg, mhdr_cnt,
1285                      0,
1286                      &mhdr.num_buffers, sizeof mhdr.num_buffers);
1287     }
1288 
1289     virtqueue_flush(q->rx_vq, i);
1290     virtio_notify(vdev, q->rx_vq);
1291 
1292     return size;
1293 }
1294 
1295 static ssize_t virtio_net_receive(NetClientState *nc, const uint8_t *buf,
1296                                   size_t size)
1297 {
1298     ssize_t r;
1299 
1300     rcu_read_lock();
1301     r = virtio_net_receive_rcu(nc, buf, size);
1302     rcu_read_unlock();
1303     return r;
1304 }
1305 
1306 static int32_t virtio_net_flush_tx(VirtIONetQueue *q);
1307 
1308 static void virtio_net_tx_complete(NetClientState *nc, ssize_t len)
1309 {
1310     VirtIONet *n = qemu_get_nic_opaque(nc);
1311     VirtIONetQueue *q = virtio_net_get_subqueue(nc);
1312     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1313 
1314     virtqueue_push(q->tx_vq, q->async_tx.elem, 0);
1315     virtio_notify(vdev, q->tx_vq);
1316 
1317     g_free(q->async_tx.elem);
1318     q->async_tx.elem = NULL;
1319 
1320     virtio_queue_set_notification(q->tx_vq, 1);
1321     virtio_net_flush_tx(q);
1322 }
1323 
1324 /* TX */
1325 static int32_t virtio_net_flush_tx(VirtIONetQueue *q)
1326 {
1327     VirtIONet *n = q->n;
1328     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1329     VirtQueueElement *elem;
1330     int32_t num_packets = 0;
1331     int queue_index = vq2q(virtio_get_queue_index(q->tx_vq));
1332     if (!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
1333         return num_packets;
1334     }
1335 
1336     if (q->async_tx.elem) {
1337         virtio_queue_set_notification(q->tx_vq, 0);
1338         return num_packets;
1339     }
1340 
1341     for (;;) {
1342         ssize_t ret;
1343         unsigned int out_num;
1344         struct iovec sg[VIRTQUEUE_MAX_SIZE], sg2[VIRTQUEUE_MAX_SIZE + 1], *out_sg;
1345         struct virtio_net_hdr_mrg_rxbuf mhdr;
1346 
1347         elem = virtqueue_pop(q->tx_vq, sizeof(VirtQueueElement));
1348         if (!elem) {
1349             break;
1350         }
1351 
1352         out_num = elem->out_num;
1353         out_sg = elem->out_sg;
1354         if (out_num < 1) {
1355             virtio_error(vdev, "virtio-net header not in first element");
1356             virtqueue_detach_element(q->tx_vq, elem, 0);
1357             g_free(elem);
1358             return -EINVAL;
1359         }
1360 
1361         if (n->has_vnet_hdr) {
1362             if (iov_to_buf(out_sg, out_num, 0, &mhdr, n->guest_hdr_len) <
1363                 n->guest_hdr_len) {
1364                 virtio_error(vdev, "virtio-net header incorrect");
1365                 virtqueue_detach_element(q->tx_vq, elem, 0);
1366                 g_free(elem);
1367                 return -EINVAL;
1368             }
1369             if (n->needs_vnet_hdr_swap) {
1370                 virtio_net_hdr_swap(vdev, (void *) &mhdr);
1371                 sg2[0].iov_base = &mhdr;
1372                 sg2[0].iov_len = n->guest_hdr_len;
1373                 out_num = iov_copy(&sg2[1], ARRAY_SIZE(sg2) - 1,
1374                                    out_sg, out_num,
1375                                    n->guest_hdr_len, -1);
1376                 if (out_num == VIRTQUEUE_MAX_SIZE) {
1377                     goto drop;
1378 		}
1379                 out_num += 1;
1380                 out_sg = sg2;
1381 	    }
1382         }
1383         /*
1384          * If host wants to see the guest header as is, we can
1385          * pass it on unchanged. Otherwise, copy just the parts
1386          * that host is interested in.
1387          */
1388         assert(n->host_hdr_len <= n->guest_hdr_len);
1389         if (n->host_hdr_len != n->guest_hdr_len) {
1390             unsigned sg_num = iov_copy(sg, ARRAY_SIZE(sg),
1391                                        out_sg, out_num,
1392                                        0, n->host_hdr_len);
1393             sg_num += iov_copy(sg + sg_num, ARRAY_SIZE(sg) - sg_num,
1394                              out_sg, out_num,
1395                              n->guest_hdr_len, -1);
1396             out_num = sg_num;
1397             out_sg = sg;
1398         }
1399 
1400         ret = qemu_sendv_packet_async(qemu_get_subqueue(n->nic, queue_index),
1401                                       out_sg, out_num, virtio_net_tx_complete);
1402         if (ret == 0) {
1403             virtio_queue_set_notification(q->tx_vq, 0);
1404             q->async_tx.elem = elem;
1405             return -EBUSY;
1406         }
1407 
1408 drop:
1409         virtqueue_push(q->tx_vq, elem, 0);
1410         virtio_notify(vdev, q->tx_vq);
1411         g_free(elem);
1412 
1413         if (++num_packets >= n->tx_burst) {
1414             break;
1415         }
1416     }
1417     return num_packets;
1418 }
1419 
1420 static void virtio_net_handle_tx_timer(VirtIODevice *vdev, VirtQueue *vq)
1421 {
1422     VirtIONet *n = VIRTIO_NET(vdev);
1423     VirtIONetQueue *q = &n->vqs[vq2q(virtio_get_queue_index(vq))];
1424 
1425     if (unlikely((n->status & VIRTIO_NET_S_LINK_UP) == 0)) {
1426         virtio_net_drop_tx_queue_data(vdev, vq);
1427         return;
1428     }
1429 
1430     /* This happens when device was stopped but VCPU wasn't. */
1431     if (!vdev->vm_running) {
1432         q->tx_waiting = 1;
1433         return;
1434     }
1435 
1436     if (q->tx_waiting) {
1437         virtio_queue_set_notification(vq, 1);
1438         timer_del(q->tx_timer);
1439         q->tx_waiting = 0;
1440         if (virtio_net_flush_tx(q) == -EINVAL) {
1441             return;
1442         }
1443     } else {
1444         timer_mod(q->tx_timer,
1445                        qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + n->tx_timeout);
1446         q->tx_waiting = 1;
1447         virtio_queue_set_notification(vq, 0);
1448     }
1449 }
1450 
1451 static void virtio_net_handle_tx_bh(VirtIODevice *vdev, VirtQueue *vq)
1452 {
1453     VirtIONet *n = VIRTIO_NET(vdev);
1454     VirtIONetQueue *q = &n->vqs[vq2q(virtio_get_queue_index(vq))];
1455 
1456     if (unlikely((n->status & VIRTIO_NET_S_LINK_UP) == 0)) {
1457         virtio_net_drop_tx_queue_data(vdev, vq);
1458         return;
1459     }
1460 
1461     if (unlikely(q->tx_waiting)) {
1462         return;
1463     }
1464     q->tx_waiting = 1;
1465     /* This happens when device was stopped but VCPU wasn't. */
1466     if (!vdev->vm_running) {
1467         return;
1468     }
1469     virtio_queue_set_notification(vq, 0);
1470     qemu_bh_schedule(q->tx_bh);
1471 }
1472 
1473 static void virtio_net_tx_timer(void *opaque)
1474 {
1475     VirtIONetQueue *q = opaque;
1476     VirtIONet *n = q->n;
1477     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1478     /* This happens when device was stopped but BH wasn't. */
1479     if (!vdev->vm_running) {
1480         /* Make sure tx waiting is set, so we'll run when restarted. */
1481         assert(q->tx_waiting);
1482         return;
1483     }
1484 
1485     q->tx_waiting = 0;
1486 
1487     /* Just in case the driver is not ready on more */
1488     if (!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
1489         return;
1490     }
1491 
1492     virtio_queue_set_notification(q->tx_vq, 1);
1493     virtio_net_flush_tx(q);
1494 }
1495 
1496 static void virtio_net_tx_bh(void *opaque)
1497 {
1498     VirtIONetQueue *q = opaque;
1499     VirtIONet *n = q->n;
1500     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1501     int32_t ret;
1502 
1503     /* This happens when device was stopped but BH wasn't. */
1504     if (!vdev->vm_running) {
1505         /* Make sure tx waiting is set, so we'll run when restarted. */
1506         assert(q->tx_waiting);
1507         return;
1508     }
1509 
1510     q->tx_waiting = 0;
1511 
1512     /* Just in case the driver is not ready on more */
1513     if (unlikely(!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK))) {
1514         return;
1515     }
1516 
1517     ret = virtio_net_flush_tx(q);
1518     if (ret == -EBUSY || ret == -EINVAL) {
1519         return; /* Notification re-enable handled by tx_complete or device
1520                  * broken */
1521     }
1522 
1523     /* If we flush a full burst of packets, assume there are
1524      * more coming and immediately reschedule */
1525     if (ret >= n->tx_burst) {
1526         qemu_bh_schedule(q->tx_bh);
1527         q->tx_waiting = 1;
1528         return;
1529     }
1530 
1531     /* If less than a full burst, re-enable notification and flush
1532      * anything that may have come in while we weren't looking.  If
1533      * we find something, assume the guest is still active and reschedule */
1534     virtio_queue_set_notification(q->tx_vq, 1);
1535     ret = virtio_net_flush_tx(q);
1536     if (ret == -EINVAL) {
1537         return;
1538     } else if (ret > 0) {
1539         virtio_queue_set_notification(q->tx_vq, 0);
1540         qemu_bh_schedule(q->tx_bh);
1541         q->tx_waiting = 1;
1542     }
1543 }
1544 
1545 static void virtio_net_add_queue(VirtIONet *n, int index)
1546 {
1547     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1548 
1549     n->vqs[index].rx_vq = virtio_add_queue(vdev, n->net_conf.rx_queue_size,
1550                                            virtio_net_handle_rx);
1551 
1552     if (n->net_conf.tx && !strcmp(n->net_conf.tx, "timer")) {
1553         n->vqs[index].tx_vq =
1554             virtio_add_queue(vdev, n->net_conf.tx_queue_size,
1555                              virtio_net_handle_tx_timer);
1556         n->vqs[index].tx_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
1557                                               virtio_net_tx_timer,
1558                                               &n->vqs[index]);
1559     } else {
1560         n->vqs[index].tx_vq =
1561             virtio_add_queue(vdev, n->net_conf.tx_queue_size,
1562                              virtio_net_handle_tx_bh);
1563         n->vqs[index].tx_bh = qemu_bh_new(virtio_net_tx_bh, &n->vqs[index]);
1564     }
1565 
1566     n->vqs[index].tx_waiting = 0;
1567     n->vqs[index].n = n;
1568 }
1569 
1570 static void virtio_net_del_queue(VirtIONet *n, int index)
1571 {
1572     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1573     VirtIONetQueue *q = &n->vqs[index];
1574     NetClientState *nc = qemu_get_subqueue(n->nic, index);
1575 
1576     qemu_purge_queued_packets(nc);
1577 
1578     virtio_del_queue(vdev, index * 2);
1579     if (q->tx_timer) {
1580         timer_del(q->tx_timer);
1581         timer_free(q->tx_timer);
1582         q->tx_timer = NULL;
1583     } else {
1584         qemu_bh_delete(q->tx_bh);
1585         q->tx_bh = NULL;
1586     }
1587     q->tx_waiting = 0;
1588     virtio_del_queue(vdev, index * 2 + 1);
1589 }
1590 
1591 static void virtio_net_change_num_queues(VirtIONet *n, int new_max_queues)
1592 {
1593     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1594     int old_num_queues = virtio_get_num_queues(vdev);
1595     int new_num_queues = new_max_queues * 2 + 1;
1596     int i;
1597 
1598     assert(old_num_queues >= 3);
1599     assert(old_num_queues % 2 == 1);
1600 
1601     if (old_num_queues == new_num_queues) {
1602         return;
1603     }
1604 
1605     /*
1606      * We always need to remove and add ctrl vq if
1607      * old_num_queues != new_num_queues. Remove ctrl_vq first,
1608      * and then we only enter one of the following too loops.
1609      */
1610     virtio_del_queue(vdev, old_num_queues - 1);
1611 
1612     for (i = new_num_queues - 1; i < old_num_queues - 1; i += 2) {
1613         /* new_num_queues < old_num_queues */
1614         virtio_net_del_queue(n, i / 2);
1615     }
1616 
1617     for (i = old_num_queues - 1; i < new_num_queues - 1; i += 2) {
1618         /* new_num_queues > old_num_queues */
1619         virtio_net_add_queue(n, i / 2);
1620     }
1621 
1622     /* add ctrl_vq last */
1623     n->ctrl_vq = virtio_add_queue(vdev, 64, virtio_net_handle_ctrl);
1624 }
1625 
1626 static void virtio_net_set_multiqueue(VirtIONet *n, int multiqueue)
1627 {
1628     int max = multiqueue ? n->max_queues : 1;
1629 
1630     n->multiqueue = multiqueue;
1631     virtio_net_change_num_queues(n, max);
1632 
1633     virtio_net_set_queues(n);
1634 }
1635 
1636 static int virtio_net_post_load_device(void *opaque, int version_id)
1637 {
1638     VirtIONet *n = opaque;
1639     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1640     int i, link_down;
1641 
1642     virtio_net_set_mrg_rx_bufs(n, n->mergeable_rx_bufs,
1643                                virtio_vdev_has_feature(vdev,
1644                                                        VIRTIO_F_VERSION_1));
1645 
1646     /* MAC_TABLE_ENTRIES may be different from the saved image */
1647     if (n->mac_table.in_use > MAC_TABLE_ENTRIES) {
1648         n->mac_table.in_use = 0;
1649     }
1650 
1651     if (!virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_GUEST_OFFLOADS)) {
1652         n->curr_guest_offloads = virtio_net_supported_guest_offloads(n);
1653     }
1654 
1655     if (peer_has_vnet_hdr(n)) {
1656         virtio_net_apply_guest_offloads(n);
1657     }
1658 
1659     virtio_net_set_queues(n);
1660 
1661     /* Find the first multicast entry in the saved MAC filter */
1662     for (i = 0; i < n->mac_table.in_use; i++) {
1663         if (n->mac_table.macs[i * ETH_ALEN] & 1) {
1664             break;
1665         }
1666     }
1667     n->mac_table.first_multi = i;
1668 
1669     /* nc.link_down can't be migrated, so infer link_down according
1670      * to link status bit in n->status */
1671     link_down = (n->status & VIRTIO_NET_S_LINK_UP) == 0;
1672     for (i = 0; i < n->max_queues; i++) {
1673         qemu_get_subqueue(n->nic, i)->link_down = link_down;
1674     }
1675 
1676     if (virtio_vdev_has_feature(vdev, VIRTIO_NET_F_GUEST_ANNOUNCE) &&
1677         virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_VQ)) {
1678         n->announce_counter = SELF_ANNOUNCE_ROUNDS;
1679         timer_mod(n->announce_timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL));
1680     }
1681 
1682     return 0;
1683 }
1684 
1685 /* tx_waiting field of a VirtIONetQueue */
1686 static const VMStateDescription vmstate_virtio_net_queue_tx_waiting = {
1687     .name = "virtio-net-queue-tx_waiting",
1688     .fields = (VMStateField[]) {
1689         VMSTATE_UINT32(tx_waiting, VirtIONetQueue),
1690         VMSTATE_END_OF_LIST()
1691    },
1692 };
1693 
1694 static bool max_queues_gt_1(void *opaque, int version_id)
1695 {
1696     return VIRTIO_NET(opaque)->max_queues > 1;
1697 }
1698 
1699 static bool has_ctrl_guest_offloads(void *opaque, int version_id)
1700 {
1701     return virtio_vdev_has_feature(VIRTIO_DEVICE(opaque),
1702                                    VIRTIO_NET_F_CTRL_GUEST_OFFLOADS);
1703 }
1704 
1705 static bool mac_table_fits(void *opaque, int version_id)
1706 {
1707     return VIRTIO_NET(opaque)->mac_table.in_use <= MAC_TABLE_ENTRIES;
1708 }
1709 
1710 static bool mac_table_doesnt_fit(void *opaque, int version_id)
1711 {
1712     return !mac_table_fits(opaque, version_id);
1713 }
1714 
1715 /* This temporary type is shared by all the WITH_TMP methods
1716  * although only some fields are used by each.
1717  */
1718 struct VirtIONetMigTmp {
1719     VirtIONet      *parent;
1720     VirtIONetQueue *vqs_1;
1721     uint16_t        curr_queues_1;
1722     uint8_t         has_ufo;
1723     uint32_t        has_vnet_hdr;
1724 };
1725 
1726 /* The 2nd and subsequent tx_waiting flags are loaded later than
1727  * the 1st entry in the queues and only if there's more than one
1728  * entry.  We use the tmp mechanism to calculate a temporary
1729  * pointer and count and also validate the count.
1730  */
1731 
1732 static int virtio_net_tx_waiting_pre_save(void *opaque)
1733 {
1734     struct VirtIONetMigTmp *tmp = opaque;
1735 
1736     tmp->vqs_1 = tmp->parent->vqs + 1;
1737     tmp->curr_queues_1 = tmp->parent->curr_queues - 1;
1738     if (tmp->parent->curr_queues == 0) {
1739         tmp->curr_queues_1 = 0;
1740     }
1741 
1742     return 0;
1743 }
1744 
1745 static int virtio_net_tx_waiting_pre_load(void *opaque)
1746 {
1747     struct VirtIONetMigTmp *tmp = opaque;
1748 
1749     /* Reuse the pointer setup from save */
1750     virtio_net_tx_waiting_pre_save(opaque);
1751 
1752     if (tmp->parent->curr_queues > tmp->parent->max_queues) {
1753         error_report("virtio-net: curr_queues %x > max_queues %x",
1754             tmp->parent->curr_queues, tmp->parent->max_queues);
1755 
1756         return -EINVAL;
1757     }
1758 
1759     return 0; /* all good */
1760 }
1761 
1762 static const VMStateDescription vmstate_virtio_net_tx_waiting = {
1763     .name      = "virtio-net-tx_waiting",
1764     .pre_load  = virtio_net_tx_waiting_pre_load,
1765     .pre_save  = virtio_net_tx_waiting_pre_save,
1766     .fields    = (VMStateField[]) {
1767         VMSTATE_STRUCT_VARRAY_POINTER_UINT16(vqs_1, struct VirtIONetMigTmp,
1768                                      curr_queues_1,
1769                                      vmstate_virtio_net_queue_tx_waiting,
1770                                      struct VirtIONetQueue),
1771         VMSTATE_END_OF_LIST()
1772     },
1773 };
1774 
1775 /* the 'has_ufo' flag is just tested; if the incoming stream has the
1776  * flag set we need to check that we have it
1777  */
1778 static int virtio_net_ufo_post_load(void *opaque, int version_id)
1779 {
1780     struct VirtIONetMigTmp *tmp = opaque;
1781 
1782     if (tmp->has_ufo && !peer_has_ufo(tmp->parent)) {
1783         error_report("virtio-net: saved image requires TUN_F_UFO support");
1784         return -EINVAL;
1785     }
1786 
1787     return 0;
1788 }
1789 
1790 static int virtio_net_ufo_pre_save(void *opaque)
1791 {
1792     struct VirtIONetMigTmp *tmp = opaque;
1793 
1794     tmp->has_ufo = tmp->parent->has_ufo;
1795 
1796     return 0;
1797 }
1798 
1799 static const VMStateDescription vmstate_virtio_net_has_ufo = {
1800     .name      = "virtio-net-ufo",
1801     .post_load = virtio_net_ufo_post_load,
1802     .pre_save  = virtio_net_ufo_pre_save,
1803     .fields    = (VMStateField[]) {
1804         VMSTATE_UINT8(has_ufo, struct VirtIONetMigTmp),
1805         VMSTATE_END_OF_LIST()
1806     },
1807 };
1808 
1809 /* the 'has_vnet_hdr' flag is just tested; if the incoming stream has the
1810  * flag set we need to check that we have it
1811  */
1812 static int virtio_net_vnet_post_load(void *opaque, int version_id)
1813 {
1814     struct VirtIONetMigTmp *tmp = opaque;
1815 
1816     if (tmp->has_vnet_hdr && !peer_has_vnet_hdr(tmp->parent)) {
1817         error_report("virtio-net: saved image requires vnet_hdr=on");
1818         return -EINVAL;
1819     }
1820 
1821     return 0;
1822 }
1823 
1824 static int virtio_net_vnet_pre_save(void *opaque)
1825 {
1826     struct VirtIONetMigTmp *tmp = opaque;
1827 
1828     tmp->has_vnet_hdr = tmp->parent->has_vnet_hdr;
1829 
1830     return 0;
1831 }
1832 
1833 static const VMStateDescription vmstate_virtio_net_has_vnet = {
1834     .name      = "virtio-net-vnet",
1835     .post_load = virtio_net_vnet_post_load,
1836     .pre_save  = virtio_net_vnet_pre_save,
1837     .fields    = (VMStateField[]) {
1838         VMSTATE_UINT32(has_vnet_hdr, struct VirtIONetMigTmp),
1839         VMSTATE_END_OF_LIST()
1840     },
1841 };
1842 
1843 static const VMStateDescription vmstate_virtio_net_device = {
1844     .name = "virtio-net-device",
1845     .version_id = VIRTIO_NET_VM_VERSION,
1846     .minimum_version_id = VIRTIO_NET_VM_VERSION,
1847     .post_load = virtio_net_post_load_device,
1848     .fields = (VMStateField[]) {
1849         VMSTATE_UINT8_ARRAY(mac, VirtIONet, ETH_ALEN),
1850         VMSTATE_STRUCT_POINTER(vqs, VirtIONet,
1851                                vmstate_virtio_net_queue_tx_waiting,
1852                                VirtIONetQueue),
1853         VMSTATE_UINT32(mergeable_rx_bufs, VirtIONet),
1854         VMSTATE_UINT16(status, VirtIONet),
1855         VMSTATE_UINT8(promisc, VirtIONet),
1856         VMSTATE_UINT8(allmulti, VirtIONet),
1857         VMSTATE_UINT32(mac_table.in_use, VirtIONet),
1858 
1859         /* Guarded pair: If it fits we load it, else we throw it away
1860          * - can happen if source has a larger MAC table.; post-load
1861          *  sets flags in this case.
1862          */
1863         VMSTATE_VBUFFER_MULTIPLY(mac_table.macs, VirtIONet,
1864                                 0, mac_table_fits, mac_table.in_use,
1865                                  ETH_ALEN),
1866         VMSTATE_UNUSED_VARRAY_UINT32(VirtIONet, mac_table_doesnt_fit, 0,
1867                                      mac_table.in_use, ETH_ALEN),
1868 
1869         /* Note: This is an array of uint32's that's always been saved as a
1870          * buffer; hold onto your endiannesses; it's actually used as a bitmap
1871          * but based on the uint.
1872          */
1873         VMSTATE_BUFFER_POINTER_UNSAFE(vlans, VirtIONet, 0, MAX_VLAN >> 3),
1874         VMSTATE_WITH_TMP(VirtIONet, struct VirtIONetMigTmp,
1875                          vmstate_virtio_net_has_vnet),
1876         VMSTATE_UINT8(mac_table.multi_overflow, VirtIONet),
1877         VMSTATE_UINT8(mac_table.uni_overflow, VirtIONet),
1878         VMSTATE_UINT8(alluni, VirtIONet),
1879         VMSTATE_UINT8(nomulti, VirtIONet),
1880         VMSTATE_UINT8(nouni, VirtIONet),
1881         VMSTATE_UINT8(nobcast, VirtIONet),
1882         VMSTATE_WITH_TMP(VirtIONet, struct VirtIONetMigTmp,
1883                          vmstate_virtio_net_has_ufo),
1884         VMSTATE_SINGLE_TEST(max_queues, VirtIONet, max_queues_gt_1, 0,
1885                             vmstate_info_uint16_equal, uint16_t),
1886         VMSTATE_UINT16_TEST(curr_queues, VirtIONet, max_queues_gt_1),
1887         VMSTATE_WITH_TMP(VirtIONet, struct VirtIONetMigTmp,
1888                          vmstate_virtio_net_tx_waiting),
1889         VMSTATE_UINT64_TEST(curr_guest_offloads, VirtIONet,
1890                             has_ctrl_guest_offloads),
1891         VMSTATE_END_OF_LIST()
1892    },
1893 };
1894 
1895 static NetClientInfo net_virtio_info = {
1896     .type = NET_CLIENT_DRIVER_NIC,
1897     .size = sizeof(NICState),
1898     .can_receive = virtio_net_can_receive,
1899     .receive = virtio_net_receive,
1900     .link_status_changed = virtio_net_set_link_status,
1901     .query_rx_filter = virtio_net_query_rxfilter,
1902 };
1903 
1904 static bool virtio_net_guest_notifier_pending(VirtIODevice *vdev, int idx)
1905 {
1906     VirtIONet *n = VIRTIO_NET(vdev);
1907     NetClientState *nc = qemu_get_subqueue(n->nic, vq2q(idx));
1908     assert(n->vhost_started);
1909     return vhost_net_virtqueue_pending(get_vhost_net(nc->peer), idx);
1910 }
1911 
1912 static void virtio_net_guest_notifier_mask(VirtIODevice *vdev, int idx,
1913                                            bool mask)
1914 {
1915     VirtIONet *n = VIRTIO_NET(vdev);
1916     NetClientState *nc = qemu_get_subqueue(n->nic, vq2q(idx));
1917     assert(n->vhost_started);
1918     vhost_net_virtqueue_mask(get_vhost_net(nc->peer),
1919                              vdev, idx, mask);
1920 }
1921 
1922 static void virtio_net_set_config_size(VirtIONet *n, uint64_t host_features)
1923 {
1924     int i, config_size = 0;
1925     virtio_add_feature(&host_features, VIRTIO_NET_F_MAC);
1926 
1927     for (i = 0; feature_sizes[i].flags != 0; i++) {
1928         if (host_features & feature_sizes[i].flags) {
1929             config_size = MAX(feature_sizes[i].end, config_size);
1930         }
1931     }
1932     n->config_size = config_size;
1933 }
1934 
1935 void virtio_net_set_netclient_name(VirtIONet *n, const char *name,
1936                                    const char *type)
1937 {
1938     /*
1939      * The name can be NULL, the netclient name will be type.x.
1940      */
1941     assert(type != NULL);
1942 
1943     g_free(n->netclient_name);
1944     g_free(n->netclient_type);
1945     n->netclient_name = g_strdup(name);
1946     n->netclient_type = g_strdup(type);
1947 }
1948 
1949 static void virtio_net_device_realize(DeviceState *dev, Error **errp)
1950 {
1951     VirtIODevice *vdev = VIRTIO_DEVICE(dev);
1952     VirtIONet *n = VIRTIO_NET(dev);
1953     NetClientState *nc;
1954     int i;
1955 
1956     if (n->net_conf.mtu) {
1957         n->host_features |= (1ULL << VIRTIO_NET_F_MTU);
1958     }
1959 
1960     if (n->net_conf.duplex_str) {
1961         if (strncmp(n->net_conf.duplex_str, "half", 5) == 0) {
1962             n->net_conf.duplex = DUPLEX_HALF;
1963         } else if (strncmp(n->net_conf.duplex_str, "full", 5) == 0) {
1964             n->net_conf.duplex = DUPLEX_FULL;
1965         } else {
1966             error_setg(errp, "'duplex' must be 'half' or 'full'");
1967         }
1968         n->host_features |= (1ULL << VIRTIO_NET_F_SPEED_DUPLEX);
1969     } else {
1970         n->net_conf.duplex = DUPLEX_UNKNOWN;
1971     }
1972 
1973     if (n->net_conf.speed < SPEED_UNKNOWN) {
1974         error_setg(errp, "'speed' must be between 0 and INT_MAX");
1975     } else if (n->net_conf.speed >= 0) {
1976         n->host_features |= (1ULL << VIRTIO_NET_F_SPEED_DUPLEX);
1977     }
1978 
1979     virtio_net_set_config_size(n, n->host_features);
1980     virtio_init(vdev, "virtio-net", VIRTIO_ID_NET, n->config_size);
1981 
1982     /*
1983      * We set a lower limit on RX queue size to what it always was.
1984      * Guests that want a smaller ring can always resize it without
1985      * help from us (using virtio 1 and up).
1986      */
1987     if (n->net_conf.rx_queue_size < VIRTIO_NET_RX_QUEUE_MIN_SIZE ||
1988         n->net_conf.rx_queue_size > VIRTQUEUE_MAX_SIZE ||
1989         !is_power_of_2(n->net_conf.rx_queue_size)) {
1990         error_setg(errp, "Invalid rx_queue_size (= %" PRIu16 "), "
1991                    "must be a power of 2 between %d and %d.",
1992                    n->net_conf.rx_queue_size, VIRTIO_NET_RX_QUEUE_MIN_SIZE,
1993                    VIRTQUEUE_MAX_SIZE);
1994         virtio_cleanup(vdev);
1995         return;
1996     }
1997 
1998     if (n->net_conf.tx_queue_size < VIRTIO_NET_TX_QUEUE_MIN_SIZE ||
1999         n->net_conf.tx_queue_size > VIRTQUEUE_MAX_SIZE ||
2000         !is_power_of_2(n->net_conf.tx_queue_size)) {
2001         error_setg(errp, "Invalid tx_queue_size (= %" PRIu16 "), "
2002                    "must be a power of 2 between %d and %d",
2003                    n->net_conf.tx_queue_size, VIRTIO_NET_TX_QUEUE_MIN_SIZE,
2004                    VIRTQUEUE_MAX_SIZE);
2005         virtio_cleanup(vdev);
2006         return;
2007     }
2008 
2009     n->max_queues = MAX(n->nic_conf.peers.queues, 1);
2010     if (n->max_queues * 2 + 1 > VIRTIO_QUEUE_MAX) {
2011         error_setg(errp, "Invalid number of queues (= %" PRIu32 "), "
2012                    "must be a positive integer less than %d.",
2013                    n->max_queues, (VIRTIO_QUEUE_MAX - 1) / 2);
2014         virtio_cleanup(vdev);
2015         return;
2016     }
2017     n->vqs = g_malloc0(sizeof(VirtIONetQueue) * n->max_queues);
2018     n->curr_queues = 1;
2019     n->tx_timeout = n->net_conf.txtimer;
2020 
2021     if (n->net_conf.tx && strcmp(n->net_conf.tx, "timer")
2022                        && strcmp(n->net_conf.tx, "bh")) {
2023         warn_report("virtio-net: "
2024                     "Unknown option tx=%s, valid options: \"timer\" \"bh\"",
2025                     n->net_conf.tx);
2026         error_printf("Defaulting to \"bh\"");
2027     }
2028 
2029     n->net_conf.tx_queue_size = MIN(virtio_net_max_tx_queue_size(n),
2030                                     n->net_conf.tx_queue_size);
2031 
2032     for (i = 0; i < n->max_queues; i++) {
2033         virtio_net_add_queue(n, i);
2034     }
2035 
2036     n->ctrl_vq = virtio_add_queue(vdev, 64, virtio_net_handle_ctrl);
2037     qemu_macaddr_default_if_unset(&n->nic_conf.macaddr);
2038     memcpy(&n->mac[0], &n->nic_conf.macaddr, sizeof(n->mac));
2039     n->status = VIRTIO_NET_S_LINK_UP;
2040     n->announce_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL,
2041                                      virtio_net_announce_timer, n);
2042 
2043     if (n->netclient_type) {
2044         /*
2045          * Happen when virtio_net_set_netclient_name has been called.
2046          */
2047         n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf,
2048                               n->netclient_type, n->netclient_name, n);
2049     } else {
2050         n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf,
2051                               object_get_typename(OBJECT(dev)), dev->id, n);
2052     }
2053 
2054     peer_test_vnet_hdr(n);
2055     if (peer_has_vnet_hdr(n)) {
2056         for (i = 0; i < n->max_queues; i++) {
2057             qemu_using_vnet_hdr(qemu_get_subqueue(n->nic, i)->peer, true);
2058         }
2059         n->host_hdr_len = sizeof(struct virtio_net_hdr);
2060     } else {
2061         n->host_hdr_len = 0;
2062     }
2063 
2064     qemu_format_nic_info_str(qemu_get_queue(n->nic), n->nic_conf.macaddr.a);
2065 
2066     n->vqs[0].tx_waiting = 0;
2067     n->tx_burst = n->net_conf.txburst;
2068     virtio_net_set_mrg_rx_bufs(n, 0, 0);
2069     n->promisc = 1; /* for compatibility */
2070 
2071     n->mac_table.macs = g_malloc0(MAC_TABLE_ENTRIES * ETH_ALEN);
2072 
2073     n->vlans = g_malloc0(MAX_VLAN >> 3);
2074 
2075     nc = qemu_get_queue(n->nic);
2076     nc->rxfilter_notify_enabled = 1;
2077 
2078     n->qdev = dev;
2079 }
2080 
2081 static void virtio_net_device_unrealize(DeviceState *dev, Error **errp)
2082 {
2083     VirtIODevice *vdev = VIRTIO_DEVICE(dev);
2084     VirtIONet *n = VIRTIO_NET(dev);
2085     int i, max_queues;
2086 
2087     /* This will stop vhost backend if appropriate. */
2088     virtio_net_set_status(vdev, 0);
2089 
2090     g_free(n->netclient_name);
2091     n->netclient_name = NULL;
2092     g_free(n->netclient_type);
2093     n->netclient_type = NULL;
2094 
2095     g_free(n->mac_table.macs);
2096     g_free(n->vlans);
2097 
2098     max_queues = n->multiqueue ? n->max_queues : 1;
2099     for (i = 0; i < max_queues; i++) {
2100         virtio_net_del_queue(n, i);
2101     }
2102 
2103     timer_del(n->announce_timer);
2104     timer_free(n->announce_timer);
2105     g_free(n->vqs);
2106     qemu_del_nic(n->nic);
2107     virtio_cleanup(vdev);
2108 }
2109 
2110 static void virtio_net_instance_init(Object *obj)
2111 {
2112     VirtIONet *n = VIRTIO_NET(obj);
2113 
2114     /*
2115      * The default config_size is sizeof(struct virtio_net_config).
2116      * Can be overriden with virtio_net_set_config_size.
2117      */
2118     n->config_size = sizeof(struct virtio_net_config);
2119     device_add_bootindex_property(obj, &n->nic_conf.bootindex,
2120                                   "bootindex", "/ethernet-phy@0",
2121                                   DEVICE(n), NULL);
2122 }
2123 
2124 static int virtio_net_pre_save(void *opaque)
2125 {
2126     VirtIONet *n = opaque;
2127 
2128     /* At this point, backend must be stopped, otherwise
2129      * it might keep writing to memory. */
2130     assert(!n->vhost_started);
2131 
2132     return 0;
2133 }
2134 
2135 static const VMStateDescription vmstate_virtio_net = {
2136     .name = "virtio-net",
2137     .minimum_version_id = VIRTIO_NET_VM_VERSION,
2138     .version_id = VIRTIO_NET_VM_VERSION,
2139     .fields = (VMStateField[]) {
2140         VMSTATE_VIRTIO_DEVICE,
2141         VMSTATE_END_OF_LIST()
2142     },
2143     .pre_save = virtio_net_pre_save,
2144 };
2145 
2146 static Property virtio_net_properties[] = {
2147     DEFINE_PROP_BIT64("csum", VirtIONet, host_features,
2148                     VIRTIO_NET_F_CSUM, true),
2149     DEFINE_PROP_BIT64("guest_csum", VirtIONet, host_features,
2150                     VIRTIO_NET_F_GUEST_CSUM, true),
2151     DEFINE_PROP_BIT64("gso", VirtIONet, host_features, VIRTIO_NET_F_GSO, true),
2152     DEFINE_PROP_BIT64("guest_tso4", VirtIONet, host_features,
2153                     VIRTIO_NET_F_GUEST_TSO4, true),
2154     DEFINE_PROP_BIT64("guest_tso6", VirtIONet, host_features,
2155                     VIRTIO_NET_F_GUEST_TSO6, true),
2156     DEFINE_PROP_BIT64("guest_ecn", VirtIONet, host_features,
2157                     VIRTIO_NET_F_GUEST_ECN, true),
2158     DEFINE_PROP_BIT64("guest_ufo", VirtIONet, host_features,
2159                     VIRTIO_NET_F_GUEST_UFO, true),
2160     DEFINE_PROP_BIT64("guest_announce", VirtIONet, host_features,
2161                     VIRTIO_NET_F_GUEST_ANNOUNCE, true),
2162     DEFINE_PROP_BIT64("host_tso4", VirtIONet, host_features,
2163                     VIRTIO_NET_F_HOST_TSO4, true),
2164     DEFINE_PROP_BIT64("host_tso6", VirtIONet, host_features,
2165                     VIRTIO_NET_F_HOST_TSO6, true),
2166     DEFINE_PROP_BIT64("host_ecn", VirtIONet, host_features,
2167                     VIRTIO_NET_F_HOST_ECN, true),
2168     DEFINE_PROP_BIT64("host_ufo", VirtIONet, host_features,
2169                     VIRTIO_NET_F_HOST_UFO, true),
2170     DEFINE_PROP_BIT64("mrg_rxbuf", VirtIONet, host_features,
2171                     VIRTIO_NET_F_MRG_RXBUF, true),
2172     DEFINE_PROP_BIT64("status", VirtIONet, host_features,
2173                     VIRTIO_NET_F_STATUS, true),
2174     DEFINE_PROP_BIT64("ctrl_vq", VirtIONet, host_features,
2175                     VIRTIO_NET_F_CTRL_VQ, true),
2176     DEFINE_PROP_BIT64("ctrl_rx", VirtIONet, host_features,
2177                     VIRTIO_NET_F_CTRL_RX, true),
2178     DEFINE_PROP_BIT64("ctrl_vlan", VirtIONet, host_features,
2179                     VIRTIO_NET_F_CTRL_VLAN, true),
2180     DEFINE_PROP_BIT64("ctrl_rx_extra", VirtIONet, host_features,
2181                     VIRTIO_NET_F_CTRL_RX_EXTRA, true),
2182     DEFINE_PROP_BIT64("ctrl_mac_addr", VirtIONet, host_features,
2183                     VIRTIO_NET_F_CTRL_MAC_ADDR, true),
2184     DEFINE_PROP_BIT64("ctrl_guest_offloads", VirtIONet, host_features,
2185                     VIRTIO_NET_F_CTRL_GUEST_OFFLOADS, true),
2186     DEFINE_PROP_BIT64("mq", VirtIONet, host_features, VIRTIO_NET_F_MQ, false),
2187     DEFINE_NIC_PROPERTIES(VirtIONet, nic_conf),
2188     DEFINE_PROP_UINT32("x-txtimer", VirtIONet, net_conf.txtimer,
2189                        TX_TIMER_INTERVAL),
2190     DEFINE_PROP_INT32("x-txburst", VirtIONet, net_conf.txburst, TX_BURST),
2191     DEFINE_PROP_STRING("tx", VirtIONet, net_conf.tx),
2192     DEFINE_PROP_UINT16("rx_queue_size", VirtIONet, net_conf.rx_queue_size,
2193                        VIRTIO_NET_RX_QUEUE_DEFAULT_SIZE),
2194     DEFINE_PROP_UINT16("tx_queue_size", VirtIONet, net_conf.tx_queue_size,
2195                        VIRTIO_NET_TX_QUEUE_DEFAULT_SIZE),
2196     DEFINE_PROP_UINT16("host_mtu", VirtIONet, net_conf.mtu, 0),
2197     DEFINE_PROP_BOOL("x-mtu-bypass-backend", VirtIONet, mtu_bypass_backend,
2198                      true),
2199     DEFINE_PROP_INT32("speed", VirtIONet, net_conf.speed, SPEED_UNKNOWN),
2200     DEFINE_PROP_STRING("duplex", VirtIONet, net_conf.duplex_str),
2201     DEFINE_PROP_END_OF_LIST(),
2202 };
2203 
2204 static void virtio_net_class_init(ObjectClass *klass, void *data)
2205 {
2206     DeviceClass *dc = DEVICE_CLASS(klass);
2207     VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
2208 
2209     dc->props = virtio_net_properties;
2210     dc->vmsd = &vmstate_virtio_net;
2211     set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
2212     vdc->realize = virtio_net_device_realize;
2213     vdc->unrealize = virtio_net_device_unrealize;
2214     vdc->get_config = virtio_net_get_config;
2215     vdc->set_config = virtio_net_set_config;
2216     vdc->get_features = virtio_net_get_features;
2217     vdc->set_features = virtio_net_set_features;
2218     vdc->bad_features = virtio_net_bad_features;
2219     vdc->reset = virtio_net_reset;
2220     vdc->set_status = virtio_net_set_status;
2221     vdc->guest_notifier_mask = virtio_net_guest_notifier_mask;
2222     vdc->guest_notifier_pending = virtio_net_guest_notifier_pending;
2223     vdc->legacy_features |= (0x1 << VIRTIO_NET_F_GSO);
2224     vdc->vmsd = &vmstate_virtio_net_device;
2225 }
2226 
2227 static const TypeInfo virtio_net_info = {
2228     .name = TYPE_VIRTIO_NET,
2229     .parent = TYPE_VIRTIO_DEVICE,
2230     .instance_size = sizeof(VirtIONet),
2231     .instance_init = virtio_net_instance_init,
2232     .class_init = virtio_net_class_init,
2233 };
2234 
2235 static void virtio_register_types(void)
2236 {
2237     type_register_static(&virtio_net_info);
2238 }
2239 
2240 type_init(virtio_register_types)
2241