xref: /openbmc/qemu/hw/net/virtio-net.c (revision 786a4ea8)
1 /*
2  * Virtio Network Device
3  *
4  * Copyright IBM, Corp. 2007
5  *
6  * Authors:
7  *  Anthony Liguori   <aliguori@us.ibm.com>
8  *
9  * This work is licensed under the terms of the GNU GPL, version 2.  See
10  * the COPYING file in the top-level directory.
11  *
12  */
13 
14 #include "qemu/iov.h"
15 #include "hw/virtio/virtio.h"
16 #include "net/net.h"
17 #include "net/checksum.h"
18 #include "net/tap.h"
19 #include "qemu/error-report.h"
20 #include "qemu/timer.h"
21 #include "hw/virtio/virtio-net.h"
22 #include "net/vhost_net.h"
23 #include "hw/virtio/virtio-bus.h"
24 #include "qapi/qmp/qjson.h"
25 #include "qapi-event.h"
26 #include "hw/virtio/virtio-access.h"
27 
28 #define VIRTIO_NET_VM_VERSION    11
29 
30 #define MAC_TABLE_ENTRIES    64
31 #define MAX_VLAN    (1 << 12)   /* Per 802.1Q definition */
32 
33 /*
34  * Calculate the number of bytes up to and including the given 'field' of
35  * 'container'.
36  */
37 #define endof(container, field) \
38     (offsetof(container, field) + sizeof(((container *)0)->field))
39 
40 typedef struct VirtIOFeature {
41     uint32_t flags;
42     size_t end;
43 } VirtIOFeature;
44 
45 static VirtIOFeature feature_sizes[] = {
46     {.flags = 1 << VIRTIO_NET_F_MAC,
47      .end = endof(struct virtio_net_config, mac)},
48     {.flags = 1 << VIRTIO_NET_F_STATUS,
49      .end = endof(struct virtio_net_config, status)},
50     {.flags = 1 << VIRTIO_NET_F_MQ,
51      .end = endof(struct virtio_net_config, max_virtqueue_pairs)},
52     {}
53 };
54 
55 static VirtIONetQueue *virtio_net_get_subqueue(NetClientState *nc)
56 {
57     VirtIONet *n = qemu_get_nic_opaque(nc);
58 
59     return &n->vqs[nc->queue_index];
60 }
61 
62 static int vq2q(int queue_index)
63 {
64     return queue_index / 2;
65 }
66 
67 /* TODO
68  * - we could suppress RX interrupt if we were so inclined.
69  */
70 
71 static void virtio_net_get_config(VirtIODevice *vdev, uint8_t *config)
72 {
73     VirtIONet *n = VIRTIO_NET(vdev);
74     struct virtio_net_config netcfg;
75 
76     virtio_stw_p(vdev, &netcfg.status, n->status);
77     virtio_stw_p(vdev, &netcfg.max_virtqueue_pairs, n->max_queues);
78     memcpy(netcfg.mac, n->mac, ETH_ALEN);
79     memcpy(config, &netcfg, n->config_size);
80 }
81 
82 static void virtio_net_set_config(VirtIODevice *vdev, const uint8_t *config)
83 {
84     VirtIONet *n = VIRTIO_NET(vdev);
85     struct virtio_net_config netcfg = {};
86 
87     memcpy(&netcfg, config, n->config_size);
88 
89     if (!virtio_has_feature(vdev, VIRTIO_NET_F_CTRL_MAC_ADDR) &&
90         memcmp(netcfg.mac, n->mac, ETH_ALEN)) {
91         memcpy(n->mac, netcfg.mac, ETH_ALEN);
92         qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac);
93     }
94 }
95 
96 static bool virtio_net_started(VirtIONet *n, uint8_t status)
97 {
98     VirtIODevice *vdev = VIRTIO_DEVICE(n);
99     return (status & VIRTIO_CONFIG_S_DRIVER_OK) &&
100         (n->status & VIRTIO_NET_S_LINK_UP) && vdev->vm_running;
101 }
102 
103 static void virtio_net_announce_timer(void *opaque)
104 {
105     VirtIONet *n = opaque;
106     VirtIODevice *vdev = VIRTIO_DEVICE(n);
107 
108     n->announce_counter--;
109     n->status |= VIRTIO_NET_S_ANNOUNCE;
110     virtio_notify_config(vdev);
111 }
112 
113 static void virtio_net_vhost_status(VirtIONet *n, uint8_t status)
114 {
115     VirtIODevice *vdev = VIRTIO_DEVICE(n);
116     NetClientState *nc = qemu_get_queue(n->nic);
117     int queues = n->multiqueue ? n->max_queues : 1;
118 
119     if (!get_vhost_net(nc->peer)) {
120         return;
121     }
122 
123     if ((virtio_net_started(n, status) && !nc->peer->link_down) ==
124         !!n->vhost_started) {
125         return;
126     }
127     if (!n->vhost_started) {
128         int r, i;
129 
130         if (!vhost_net_query(get_vhost_net(nc->peer), vdev)) {
131             return;
132         }
133 
134         /* Any packets outstanding? Purge them to avoid touching rings
135          * when vhost is running.
136          */
137         for (i = 0;  i < queues; i++) {
138             NetClientState *qnc = qemu_get_subqueue(n->nic, i);
139 
140             /* Purge both directions: TX and RX. */
141             qemu_net_queue_purge(qnc->peer->incoming_queue, qnc);
142             qemu_net_queue_purge(qnc->incoming_queue, qnc->peer);
143         }
144 
145         n->vhost_started = 1;
146         r = vhost_net_start(vdev, n->nic->ncs, queues);
147         if (r < 0) {
148             error_report("unable to start vhost net: %d: "
149                          "falling back on userspace virtio", -r);
150             n->vhost_started = 0;
151         }
152     } else {
153         vhost_net_stop(vdev, n->nic->ncs, queues);
154         n->vhost_started = 0;
155     }
156 }
157 
158 static void virtio_net_set_status(struct VirtIODevice *vdev, uint8_t status)
159 {
160     VirtIONet *n = VIRTIO_NET(vdev);
161     VirtIONetQueue *q;
162     int i;
163     uint8_t queue_status;
164 
165     virtio_net_vhost_status(n, status);
166 
167     for (i = 0; i < n->max_queues; i++) {
168         q = &n->vqs[i];
169 
170         if ((!n->multiqueue && i != 0) || i >= n->curr_queues) {
171             queue_status = 0;
172         } else {
173             queue_status = status;
174         }
175 
176         if (!q->tx_waiting) {
177             continue;
178         }
179 
180         if (virtio_net_started(n, queue_status) && !n->vhost_started) {
181             if (q->tx_timer) {
182                 timer_mod(q->tx_timer,
183                                qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + n->tx_timeout);
184             } else {
185                 qemu_bh_schedule(q->tx_bh);
186             }
187         } else {
188             if (q->tx_timer) {
189                 timer_del(q->tx_timer);
190             } else {
191                 qemu_bh_cancel(q->tx_bh);
192             }
193         }
194     }
195 }
196 
197 static void virtio_net_set_link_status(NetClientState *nc)
198 {
199     VirtIONet *n = qemu_get_nic_opaque(nc);
200     VirtIODevice *vdev = VIRTIO_DEVICE(n);
201     uint16_t old_status = n->status;
202 
203     if (nc->link_down)
204         n->status &= ~VIRTIO_NET_S_LINK_UP;
205     else
206         n->status |= VIRTIO_NET_S_LINK_UP;
207 
208     if (n->status != old_status)
209         virtio_notify_config(vdev);
210 
211     virtio_net_set_status(vdev, vdev->status);
212 }
213 
214 static void rxfilter_notify(NetClientState *nc)
215 {
216     VirtIONet *n = qemu_get_nic_opaque(nc);
217 
218     if (nc->rxfilter_notify_enabled) {
219         gchar *path = object_get_canonical_path(OBJECT(n->qdev));
220         qapi_event_send_nic_rx_filter_changed(!!n->netclient_name,
221                                               n->netclient_name, path, &error_abort);
222         g_free(path);
223 
224         /* disable event notification to avoid events flooding */
225         nc->rxfilter_notify_enabled = 0;
226     }
227 }
228 
229 static char *mac_strdup_printf(const uint8_t *mac)
230 {
231     return g_strdup_printf("%.2x:%.2x:%.2x:%.2x:%.2x:%.2x", mac[0],
232                             mac[1], mac[2], mac[3], mac[4], mac[5]);
233 }
234 
235 static intList *get_vlan_table(VirtIONet *n)
236 {
237     intList *list, *entry;
238     int i, j;
239 
240     list = NULL;
241     for (i = 0; i < MAX_VLAN >> 5; i++) {
242         for (j = 0; n->vlans[i] && j <= 0x1f; j++) {
243             if (n->vlans[i] & (1U << j)) {
244                 entry = g_malloc0(sizeof(*entry));
245                 entry->value = (i << 5) + j;
246                 entry->next = list;
247                 list = entry;
248             }
249         }
250     }
251 
252     return list;
253 }
254 
255 static RxFilterInfo *virtio_net_query_rxfilter(NetClientState *nc)
256 {
257     VirtIONet *n = qemu_get_nic_opaque(nc);
258     VirtIODevice *vdev = VIRTIO_DEVICE(n);
259     RxFilterInfo *info;
260     strList *str_list, *entry;
261     int i;
262 
263     info = g_malloc0(sizeof(*info));
264     info->name = g_strdup(nc->name);
265     info->promiscuous = n->promisc;
266 
267     if (n->nouni) {
268         info->unicast = RX_STATE_NONE;
269     } else if (n->alluni) {
270         info->unicast = RX_STATE_ALL;
271     } else {
272         info->unicast = RX_STATE_NORMAL;
273     }
274 
275     if (n->nomulti) {
276         info->multicast = RX_STATE_NONE;
277     } else if (n->allmulti) {
278         info->multicast = RX_STATE_ALL;
279     } else {
280         info->multicast = RX_STATE_NORMAL;
281     }
282 
283     info->broadcast_allowed = n->nobcast;
284     info->multicast_overflow = n->mac_table.multi_overflow;
285     info->unicast_overflow = n->mac_table.uni_overflow;
286 
287     info->main_mac = mac_strdup_printf(n->mac);
288 
289     str_list = NULL;
290     for (i = 0; i < n->mac_table.first_multi; i++) {
291         entry = g_malloc0(sizeof(*entry));
292         entry->value = mac_strdup_printf(n->mac_table.macs + i * ETH_ALEN);
293         entry->next = str_list;
294         str_list = entry;
295     }
296     info->unicast_table = str_list;
297 
298     str_list = NULL;
299     for (i = n->mac_table.first_multi; i < n->mac_table.in_use; i++) {
300         entry = g_malloc0(sizeof(*entry));
301         entry->value = mac_strdup_printf(n->mac_table.macs + i * ETH_ALEN);
302         entry->next = str_list;
303         str_list = entry;
304     }
305     info->multicast_table = str_list;
306     info->vlan_table = get_vlan_table(n);
307 
308     if (!virtio_has_feature(vdev, VIRTIO_NET_F_CTRL_VLAN)) {
309         info->vlan = RX_STATE_ALL;
310     } else if (!info->vlan_table) {
311         info->vlan = RX_STATE_NONE;
312     } else {
313         info->vlan = RX_STATE_NORMAL;
314     }
315 
316     /* enable event notification after query */
317     nc->rxfilter_notify_enabled = 1;
318 
319     return info;
320 }
321 
322 static void virtio_net_reset(VirtIODevice *vdev)
323 {
324     VirtIONet *n = VIRTIO_NET(vdev);
325 
326     /* Reset back to compatibility mode */
327     n->promisc = 1;
328     n->allmulti = 0;
329     n->alluni = 0;
330     n->nomulti = 0;
331     n->nouni = 0;
332     n->nobcast = 0;
333     /* multiqueue is disabled by default */
334     n->curr_queues = 1;
335     timer_del(n->announce_timer);
336     n->announce_counter = 0;
337     n->status &= ~VIRTIO_NET_S_ANNOUNCE;
338 
339     /* Flush any MAC and VLAN filter table state */
340     n->mac_table.in_use = 0;
341     n->mac_table.first_multi = 0;
342     n->mac_table.multi_overflow = 0;
343     n->mac_table.uni_overflow = 0;
344     memset(n->mac_table.macs, 0, MAC_TABLE_ENTRIES * ETH_ALEN);
345     memcpy(&n->mac[0], &n->nic->conf->macaddr, sizeof(n->mac));
346     qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac);
347     memset(n->vlans, 0, MAX_VLAN >> 3);
348 }
349 
350 static void peer_test_vnet_hdr(VirtIONet *n)
351 {
352     NetClientState *nc = qemu_get_queue(n->nic);
353     if (!nc->peer) {
354         return;
355     }
356 
357     n->has_vnet_hdr = qemu_has_vnet_hdr(nc->peer);
358 }
359 
360 static int peer_has_vnet_hdr(VirtIONet *n)
361 {
362     return n->has_vnet_hdr;
363 }
364 
365 static int peer_has_ufo(VirtIONet *n)
366 {
367     if (!peer_has_vnet_hdr(n))
368         return 0;
369 
370     n->has_ufo = qemu_has_ufo(qemu_get_queue(n->nic)->peer);
371 
372     return n->has_ufo;
373 }
374 
375 static void virtio_net_set_mrg_rx_bufs(VirtIONet *n, int mergeable_rx_bufs)
376 {
377     int i;
378     NetClientState *nc;
379 
380     n->mergeable_rx_bufs = mergeable_rx_bufs;
381 
382     n->guest_hdr_len = n->mergeable_rx_bufs ?
383         sizeof(struct virtio_net_hdr_mrg_rxbuf) : sizeof(struct virtio_net_hdr);
384 
385     for (i = 0; i < n->max_queues; i++) {
386         nc = qemu_get_subqueue(n->nic, i);
387 
388         if (peer_has_vnet_hdr(n) &&
389             qemu_has_vnet_hdr_len(nc->peer, n->guest_hdr_len)) {
390             qemu_set_vnet_hdr_len(nc->peer, n->guest_hdr_len);
391             n->host_hdr_len = n->guest_hdr_len;
392         }
393     }
394 }
395 
396 static int peer_attach(VirtIONet *n, int index)
397 {
398     NetClientState *nc = qemu_get_subqueue(n->nic, index);
399 
400     if (!nc->peer) {
401         return 0;
402     }
403 
404     if (nc->peer->info->type != NET_CLIENT_OPTIONS_KIND_TAP) {
405         return 0;
406     }
407 
408     return tap_enable(nc->peer);
409 }
410 
411 static int peer_detach(VirtIONet *n, int index)
412 {
413     NetClientState *nc = qemu_get_subqueue(n->nic, index);
414 
415     if (!nc->peer) {
416         return 0;
417     }
418 
419     if (nc->peer->info->type !=  NET_CLIENT_OPTIONS_KIND_TAP) {
420         return 0;
421     }
422 
423     return tap_disable(nc->peer);
424 }
425 
426 static void virtio_net_set_queues(VirtIONet *n)
427 {
428     int i;
429     int r;
430 
431     for (i = 0; i < n->max_queues; i++) {
432         if (i < n->curr_queues) {
433             r = peer_attach(n, i);
434             assert(!r);
435         } else {
436             r = peer_detach(n, i);
437             assert(!r);
438         }
439     }
440 }
441 
442 static void virtio_net_set_multiqueue(VirtIONet *n, int multiqueue);
443 
444 static uint32_t virtio_net_get_features(VirtIODevice *vdev, uint32_t features)
445 {
446     VirtIONet *n = VIRTIO_NET(vdev);
447     NetClientState *nc = qemu_get_queue(n->nic);
448 
449     virtio_add_feature(&features, VIRTIO_NET_F_MAC);
450 
451     if (!peer_has_vnet_hdr(n)) {
452         virtio_clear_feature(&features, VIRTIO_NET_F_CSUM);
453         virtio_clear_feature(&features, VIRTIO_NET_F_HOST_TSO4);
454         virtio_clear_feature(&features, VIRTIO_NET_F_HOST_TSO6);
455         virtio_clear_feature(&features, VIRTIO_NET_F_HOST_ECN);
456 
457         virtio_clear_feature(&features, VIRTIO_NET_F_GUEST_CSUM);
458         virtio_clear_feature(&features, VIRTIO_NET_F_GUEST_TSO4);
459         virtio_clear_feature(&features, VIRTIO_NET_F_GUEST_TSO6);
460         virtio_clear_feature(&features, VIRTIO_NET_F_GUEST_ECN);
461     }
462 
463     if (!peer_has_vnet_hdr(n) || !peer_has_ufo(n)) {
464         virtio_clear_feature(&features, VIRTIO_NET_F_GUEST_UFO);
465         virtio_clear_feature(&features, VIRTIO_NET_F_HOST_UFO);
466     }
467 
468     if (!get_vhost_net(nc->peer)) {
469         return features;
470     }
471     return vhost_net_get_features(get_vhost_net(nc->peer), features);
472 }
473 
474 static uint32_t virtio_net_bad_features(VirtIODevice *vdev)
475 {
476     uint32_t features = 0;
477 
478     /* Linux kernel 2.6.25.  It understood MAC (as everyone must),
479      * but also these: */
480     virtio_add_feature(&features, VIRTIO_NET_F_MAC);
481     virtio_add_feature(&features, VIRTIO_NET_F_CSUM);
482     virtio_add_feature(&features, VIRTIO_NET_F_HOST_TSO4);
483     virtio_add_feature(&features, VIRTIO_NET_F_HOST_TSO6);
484     virtio_add_feature(&features, VIRTIO_NET_F_HOST_ECN);
485 
486     return features;
487 }
488 
489 static void virtio_net_apply_guest_offloads(VirtIONet *n)
490 {
491     qemu_set_offload(qemu_get_queue(n->nic)->peer,
492             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_CSUM)),
493             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_TSO4)),
494             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_TSO6)),
495             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_ECN)),
496             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_UFO)));
497 }
498 
499 static uint64_t virtio_net_guest_offloads_by_features(uint32_t features)
500 {
501     static const uint64_t guest_offloads_mask =
502         (1ULL << VIRTIO_NET_F_GUEST_CSUM) |
503         (1ULL << VIRTIO_NET_F_GUEST_TSO4) |
504         (1ULL << VIRTIO_NET_F_GUEST_TSO6) |
505         (1ULL << VIRTIO_NET_F_GUEST_ECN)  |
506         (1ULL << VIRTIO_NET_F_GUEST_UFO);
507 
508     return guest_offloads_mask & features;
509 }
510 
511 static inline uint64_t virtio_net_supported_guest_offloads(VirtIONet *n)
512 {
513     VirtIODevice *vdev = VIRTIO_DEVICE(n);
514     return virtio_net_guest_offloads_by_features(vdev->guest_features);
515 }
516 
517 static void virtio_net_set_features(VirtIODevice *vdev, uint32_t features)
518 {
519     VirtIONet *n = VIRTIO_NET(vdev);
520     int i;
521 
522     virtio_net_set_multiqueue(n,
523                               __virtio_has_feature(features, VIRTIO_NET_F_MQ));
524 
525     virtio_net_set_mrg_rx_bufs(n,
526                                __virtio_has_feature(features,
527                                                     VIRTIO_NET_F_MRG_RXBUF));
528 
529     if (n->has_vnet_hdr) {
530         n->curr_guest_offloads =
531             virtio_net_guest_offloads_by_features(features);
532         virtio_net_apply_guest_offloads(n);
533     }
534 
535     for (i = 0;  i < n->max_queues; i++) {
536         NetClientState *nc = qemu_get_subqueue(n->nic, i);
537 
538         if (!get_vhost_net(nc->peer)) {
539             continue;
540         }
541         vhost_net_ack_features(get_vhost_net(nc->peer), features);
542     }
543 
544     if (__virtio_has_feature(features, VIRTIO_NET_F_CTRL_VLAN)) {
545         memset(n->vlans, 0, MAX_VLAN >> 3);
546     } else {
547         memset(n->vlans, 0xff, MAX_VLAN >> 3);
548     }
549 }
550 
551 static int virtio_net_handle_rx_mode(VirtIONet *n, uint8_t cmd,
552                                      struct iovec *iov, unsigned int iov_cnt)
553 {
554     uint8_t on;
555     size_t s;
556     NetClientState *nc = qemu_get_queue(n->nic);
557 
558     s = iov_to_buf(iov, iov_cnt, 0, &on, sizeof(on));
559     if (s != sizeof(on)) {
560         return VIRTIO_NET_ERR;
561     }
562 
563     if (cmd == VIRTIO_NET_CTRL_RX_PROMISC) {
564         n->promisc = on;
565     } else if (cmd == VIRTIO_NET_CTRL_RX_ALLMULTI) {
566         n->allmulti = on;
567     } else if (cmd == VIRTIO_NET_CTRL_RX_ALLUNI) {
568         n->alluni = on;
569     } else if (cmd == VIRTIO_NET_CTRL_RX_NOMULTI) {
570         n->nomulti = on;
571     } else if (cmd == VIRTIO_NET_CTRL_RX_NOUNI) {
572         n->nouni = on;
573     } else if (cmd == VIRTIO_NET_CTRL_RX_NOBCAST) {
574         n->nobcast = on;
575     } else {
576         return VIRTIO_NET_ERR;
577     }
578 
579     rxfilter_notify(nc);
580 
581     return VIRTIO_NET_OK;
582 }
583 
584 static int virtio_net_handle_offloads(VirtIONet *n, uint8_t cmd,
585                                      struct iovec *iov, unsigned int iov_cnt)
586 {
587     VirtIODevice *vdev = VIRTIO_DEVICE(n);
588     uint64_t offloads;
589     size_t s;
590 
591     if (!virtio_has_feature(vdev, VIRTIO_NET_F_CTRL_GUEST_OFFLOADS)) {
592         return VIRTIO_NET_ERR;
593     }
594 
595     s = iov_to_buf(iov, iov_cnt, 0, &offloads, sizeof(offloads));
596     if (s != sizeof(offloads)) {
597         return VIRTIO_NET_ERR;
598     }
599 
600     if (cmd == VIRTIO_NET_CTRL_GUEST_OFFLOADS_SET) {
601         uint64_t supported_offloads;
602 
603         if (!n->has_vnet_hdr) {
604             return VIRTIO_NET_ERR;
605         }
606 
607         supported_offloads = virtio_net_supported_guest_offloads(n);
608         if (offloads & ~supported_offloads) {
609             return VIRTIO_NET_ERR;
610         }
611 
612         n->curr_guest_offloads = offloads;
613         virtio_net_apply_guest_offloads(n);
614 
615         return VIRTIO_NET_OK;
616     } else {
617         return VIRTIO_NET_ERR;
618     }
619 }
620 
621 static int virtio_net_handle_mac(VirtIONet *n, uint8_t cmd,
622                                  struct iovec *iov, unsigned int iov_cnt)
623 {
624     VirtIODevice *vdev = VIRTIO_DEVICE(n);
625     struct virtio_net_ctrl_mac mac_data;
626     size_t s;
627     NetClientState *nc = qemu_get_queue(n->nic);
628 
629     if (cmd == VIRTIO_NET_CTRL_MAC_ADDR_SET) {
630         if (iov_size(iov, iov_cnt) != sizeof(n->mac)) {
631             return VIRTIO_NET_ERR;
632         }
633         s = iov_to_buf(iov, iov_cnt, 0, &n->mac, sizeof(n->mac));
634         assert(s == sizeof(n->mac));
635         qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac);
636         rxfilter_notify(nc);
637 
638         return VIRTIO_NET_OK;
639     }
640 
641     if (cmd != VIRTIO_NET_CTRL_MAC_TABLE_SET) {
642         return VIRTIO_NET_ERR;
643     }
644 
645     int in_use = 0;
646     int first_multi = 0;
647     uint8_t uni_overflow = 0;
648     uint8_t multi_overflow = 0;
649     uint8_t *macs = g_malloc0(MAC_TABLE_ENTRIES * ETH_ALEN);
650 
651     s = iov_to_buf(iov, iov_cnt, 0, &mac_data.entries,
652                    sizeof(mac_data.entries));
653     mac_data.entries = virtio_ldl_p(vdev, &mac_data.entries);
654     if (s != sizeof(mac_data.entries)) {
655         goto error;
656     }
657     iov_discard_front(&iov, &iov_cnt, s);
658 
659     if (mac_data.entries * ETH_ALEN > iov_size(iov, iov_cnt)) {
660         goto error;
661     }
662 
663     if (mac_data.entries <= MAC_TABLE_ENTRIES) {
664         s = iov_to_buf(iov, iov_cnt, 0, macs,
665                        mac_data.entries * ETH_ALEN);
666         if (s != mac_data.entries * ETH_ALEN) {
667             goto error;
668         }
669         in_use += mac_data.entries;
670     } else {
671         uni_overflow = 1;
672     }
673 
674     iov_discard_front(&iov, &iov_cnt, mac_data.entries * ETH_ALEN);
675 
676     first_multi = in_use;
677 
678     s = iov_to_buf(iov, iov_cnt, 0, &mac_data.entries,
679                    sizeof(mac_data.entries));
680     mac_data.entries = virtio_ldl_p(vdev, &mac_data.entries);
681     if (s != sizeof(mac_data.entries)) {
682         goto error;
683     }
684 
685     iov_discard_front(&iov, &iov_cnt, s);
686 
687     if (mac_data.entries * ETH_ALEN != iov_size(iov, iov_cnt)) {
688         goto error;
689     }
690 
691     if (mac_data.entries <= MAC_TABLE_ENTRIES - in_use) {
692         s = iov_to_buf(iov, iov_cnt, 0, &macs[in_use * ETH_ALEN],
693                        mac_data.entries * ETH_ALEN);
694         if (s != mac_data.entries * ETH_ALEN) {
695             goto error;
696         }
697         in_use += mac_data.entries;
698     } else {
699         multi_overflow = 1;
700     }
701 
702     n->mac_table.in_use = in_use;
703     n->mac_table.first_multi = first_multi;
704     n->mac_table.uni_overflow = uni_overflow;
705     n->mac_table.multi_overflow = multi_overflow;
706     memcpy(n->mac_table.macs, macs, MAC_TABLE_ENTRIES * ETH_ALEN);
707     g_free(macs);
708     rxfilter_notify(nc);
709 
710     return VIRTIO_NET_OK;
711 
712 error:
713     g_free(macs);
714     return VIRTIO_NET_ERR;
715 }
716 
717 static int virtio_net_handle_vlan_table(VirtIONet *n, uint8_t cmd,
718                                         struct iovec *iov, unsigned int iov_cnt)
719 {
720     VirtIODevice *vdev = VIRTIO_DEVICE(n);
721     uint16_t vid;
722     size_t s;
723     NetClientState *nc = qemu_get_queue(n->nic);
724 
725     s = iov_to_buf(iov, iov_cnt, 0, &vid, sizeof(vid));
726     vid = virtio_lduw_p(vdev, &vid);
727     if (s != sizeof(vid)) {
728         return VIRTIO_NET_ERR;
729     }
730 
731     if (vid >= MAX_VLAN)
732         return VIRTIO_NET_ERR;
733 
734     if (cmd == VIRTIO_NET_CTRL_VLAN_ADD)
735         n->vlans[vid >> 5] |= (1U << (vid & 0x1f));
736     else if (cmd == VIRTIO_NET_CTRL_VLAN_DEL)
737         n->vlans[vid >> 5] &= ~(1U << (vid & 0x1f));
738     else
739         return VIRTIO_NET_ERR;
740 
741     rxfilter_notify(nc);
742 
743     return VIRTIO_NET_OK;
744 }
745 
746 static int virtio_net_handle_announce(VirtIONet *n, uint8_t cmd,
747                                       struct iovec *iov, unsigned int iov_cnt)
748 {
749     if (cmd == VIRTIO_NET_CTRL_ANNOUNCE_ACK &&
750         n->status & VIRTIO_NET_S_ANNOUNCE) {
751         n->status &= ~VIRTIO_NET_S_ANNOUNCE;
752         if (n->announce_counter) {
753             timer_mod(n->announce_timer,
754                       qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) +
755                       self_announce_delay(n->announce_counter));
756         }
757         return VIRTIO_NET_OK;
758     } else {
759         return VIRTIO_NET_ERR;
760     }
761 }
762 
763 static int virtio_net_handle_mq(VirtIONet *n, uint8_t cmd,
764                                 struct iovec *iov, unsigned int iov_cnt)
765 {
766     VirtIODevice *vdev = VIRTIO_DEVICE(n);
767     struct virtio_net_ctrl_mq mq;
768     size_t s;
769     uint16_t queues;
770 
771     s = iov_to_buf(iov, iov_cnt, 0, &mq, sizeof(mq));
772     if (s != sizeof(mq)) {
773         return VIRTIO_NET_ERR;
774     }
775 
776     if (cmd != VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET) {
777         return VIRTIO_NET_ERR;
778     }
779 
780     queues = virtio_lduw_p(vdev, &mq.virtqueue_pairs);
781 
782     if (queues < VIRTIO_NET_CTRL_MQ_VQ_PAIRS_MIN ||
783         queues > VIRTIO_NET_CTRL_MQ_VQ_PAIRS_MAX ||
784         queues > n->max_queues ||
785         !n->multiqueue) {
786         return VIRTIO_NET_ERR;
787     }
788 
789     n->curr_queues = queues;
790     /* stop the backend before changing the number of queues to avoid handling a
791      * disabled queue */
792     virtio_net_set_status(vdev, vdev->status);
793     virtio_net_set_queues(n);
794 
795     return VIRTIO_NET_OK;
796 }
797 static void virtio_net_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
798 {
799     VirtIONet *n = VIRTIO_NET(vdev);
800     struct virtio_net_ctrl_hdr ctrl;
801     virtio_net_ctrl_ack status = VIRTIO_NET_ERR;
802     VirtQueueElement elem;
803     size_t s;
804     struct iovec *iov, *iov2;
805     unsigned int iov_cnt;
806 
807     while (virtqueue_pop(vq, &elem)) {
808         if (iov_size(elem.in_sg, elem.in_num) < sizeof(status) ||
809             iov_size(elem.out_sg, elem.out_num) < sizeof(ctrl)) {
810             error_report("virtio-net ctrl missing headers");
811             exit(1);
812         }
813 
814         iov_cnt = elem.out_num;
815         iov2 = iov = g_memdup(elem.out_sg, sizeof(struct iovec) * elem.out_num);
816         s = iov_to_buf(iov, iov_cnt, 0, &ctrl, sizeof(ctrl));
817         iov_discard_front(&iov, &iov_cnt, sizeof(ctrl));
818         if (s != sizeof(ctrl)) {
819             status = VIRTIO_NET_ERR;
820         } else if (ctrl.class == VIRTIO_NET_CTRL_RX) {
821             status = virtio_net_handle_rx_mode(n, ctrl.cmd, iov, iov_cnt);
822         } else if (ctrl.class == VIRTIO_NET_CTRL_MAC) {
823             status = virtio_net_handle_mac(n, ctrl.cmd, iov, iov_cnt);
824         } else if (ctrl.class == VIRTIO_NET_CTRL_VLAN) {
825             status = virtio_net_handle_vlan_table(n, ctrl.cmd, iov, iov_cnt);
826         } else if (ctrl.class == VIRTIO_NET_CTRL_ANNOUNCE) {
827             status = virtio_net_handle_announce(n, ctrl.cmd, iov, iov_cnt);
828         } else if (ctrl.class == VIRTIO_NET_CTRL_MQ) {
829             status = virtio_net_handle_mq(n, ctrl.cmd, iov, iov_cnt);
830         } else if (ctrl.class == VIRTIO_NET_CTRL_GUEST_OFFLOADS) {
831             status = virtio_net_handle_offloads(n, ctrl.cmd, iov, iov_cnt);
832         }
833 
834         s = iov_from_buf(elem.in_sg, elem.in_num, 0, &status, sizeof(status));
835         assert(s == sizeof(status));
836 
837         virtqueue_push(vq, &elem, sizeof(status));
838         virtio_notify(vdev, vq);
839         g_free(iov2);
840     }
841 }
842 
843 /* RX */
844 
845 static void virtio_net_handle_rx(VirtIODevice *vdev, VirtQueue *vq)
846 {
847     VirtIONet *n = VIRTIO_NET(vdev);
848     int queue_index = vq2q(virtio_get_queue_index(vq));
849 
850     qemu_flush_queued_packets(qemu_get_subqueue(n->nic, queue_index));
851 }
852 
853 static int virtio_net_can_receive(NetClientState *nc)
854 {
855     VirtIONet *n = qemu_get_nic_opaque(nc);
856     VirtIODevice *vdev = VIRTIO_DEVICE(n);
857     VirtIONetQueue *q = virtio_net_get_subqueue(nc);
858 
859     if (!vdev->vm_running) {
860         return 0;
861     }
862 
863     if (nc->queue_index >= n->curr_queues) {
864         return 0;
865     }
866 
867     if (!virtio_queue_ready(q->rx_vq) ||
868         !(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
869         return 0;
870     }
871 
872     return 1;
873 }
874 
875 static int virtio_net_has_buffers(VirtIONetQueue *q, int bufsize)
876 {
877     VirtIONet *n = q->n;
878     if (virtio_queue_empty(q->rx_vq) ||
879         (n->mergeable_rx_bufs &&
880          !virtqueue_avail_bytes(q->rx_vq, bufsize, 0))) {
881         virtio_queue_set_notification(q->rx_vq, 1);
882 
883         /* To avoid a race condition where the guest has made some buffers
884          * available after the above check but before notification was
885          * enabled, check for available buffers again.
886          */
887         if (virtio_queue_empty(q->rx_vq) ||
888             (n->mergeable_rx_bufs &&
889              !virtqueue_avail_bytes(q->rx_vq, bufsize, 0))) {
890             return 0;
891         }
892     }
893 
894     virtio_queue_set_notification(q->rx_vq, 0);
895     return 1;
896 }
897 
898 static void virtio_net_hdr_swap(VirtIODevice *vdev, struct virtio_net_hdr *hdr)
899 {
900     virtio_tswap16s(vdev, &hdr->hdr_len);
901     virtio_tswap16s(vdev, &hdr->gso_size);
902     virtio_tswap16s(vdev, &hdr->csum_start);
903     virtio_tswap16s(vdev, &hdr->csum_offset);
904 }
905 
906 /* dhclient uses AF_PACKET but doesn't pass auxdata to the kernel so
907  * it never finds out that the packets don't have valid checksums.  This
908  * causes dhclient to get upset.  Fedora's carried a patch for ages to
909  * fix this with Xen but it hasn't appeared in an upstream release of
910  * dhclient yet.
911  *
912  * To avoid breaking existing guests, we catch udp packets and add
913  * checksums.  This is terrible but it's better than hacking the guest
914  * kernels.
915  *
916  * N.B. if we introduce a zero-copy API, this operation is no longer free so
917  * we should provide a mechanism to disable it to avoid polluting the host
918  * cache.
919  */
920 static void work_around_broken_dhclient(struct virtio_net_hdr *hdr,
921                                         uint8_t *buf, size_t size)
922 {
923     if ((hdr->flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) && /* missing csum */
924         (size > 27 && size < 1500) && /* normal sized MTU */
925         (buf[12] == 0x08 && buf[13] == 0x00) && /* ethertype == IPv4 */
926         (buf[23] == 17) && /* ip.protocol == UDP */
927         (buf[34] == 0 && buf[35] == 67)) { /* udp.srcport == bootps */
928         net_checksum_calculate(buf, size);
929         hdr->flags &= ~VIRTIO_NET_HDR_F_NEEDS_CSUM;
930     }
931 }
932 
933 static void receive_header(VirtIONet *n, const struct iovec *iov, int iov_cnt,
934                            const void *buf, size_t size)
935 {
936     if (n->has_vnet_hdr) {
937         /* FIXME this cast is evil */
938         void *wbuf = (void *)buf;
939         work_around_broken_dhclient(wbuf, wbuf + n->host_hdr_len,
940                                     size - n->host_hdr_len);
941         virtio_net_hdr_swap(VIRTIO_DEVICE(n), wbuf);
942         iov_from_buf(iov, iov_cnt, 0, buf, sizeof(struct virtio_net_hdr));
943     } else {
944         struct virtio_net_hdr hdr = {
945             .flags = 0,
946             .gso_type = VIRTIO_NET_HDR_GSO_NONE
947         };
948         iov_from_buf(iov, iov_cnt, 0, &hdr, sizeof hdr);
949     }
950 }
951 
952 static int receive_filter(VirtIONet *n, const uint8_t *buf, int size)
953 {
954     static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
955     static const uint8_t vlan[] = {0x81, 0x00};
956     uint8_t *ptr = (uint8_t *)buf;
957     int i;
958 
959     if (n->promisc)
960         return 1;
961 
962     ptr += n->host_hdr_len;
963 
964     if (!memcmp(&ptr[12], vlan, sizeof(vlan))) {
965         int vid = be16_to_cpup((uint16_t *)(ptr + 14)) & 0xfff;
966         if (!(n->vlans[vid >> 5] & (1U << (vid & 0x1f))))
967             return 0;
968     }
969 
970     if (ptr[0] & 1) { // multicast
971         if (!memcmp(ptr, bcast, sizeof(bcast))) {
972             return !n->nobcast;
973         } else if (n->nomulti) {
974             return 0;
975         } else if (n->allmulti || n->mac_table.multi_overflow) {
976             return 1;
977         }
978 
979         for (i = n->mac_table.first_multi; i < n->mac_table.in_use; i++) {
980             if (!memcmp(ptr, &n->mac_table.macs[i * ETH_ALEN], ETH_ALEN)) {
981                 return 1;
982             }
983         }
984     } else { // unicast
985         if (n->nouni) {
986             return 0;
987         } else if (n->alluni || n->mac_table.uni_overflow) {
988             return 1;
989         } else if (!memcmp(ptr, n->mac, ETH_ALEN)) {
990             return 1;
991         }
992 
993         for (i = 0; i < n->mac_table.first_multi; i++) {
994             if (!memcmp(ptr, &n->mac_table.macs[i * ETH_ALEN], ETH_ALEN)) {
995                 return 1;
996             }
997         }
998     }
999 
1000     return 0;
1001 }
1002 
1003 static ssize_t virtio_net_receive(NetClientState *nc, const uint8_t *buf, size_t size)
1004 {
1005     VirtIONet *n = qemu_get_nic_opaque(nc);
1006     VirtIONetQueue *q = virtio_net_get_subqueue(nc);
1007     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1008     struct iovec mhdr_sg[VIRTQUEUE_MAX_SIZE];
1009     struct virtio_net_hdr_mrg_rxbuf mhdr;
1010     unsigned mhdr_cnt = 0;
1011     size_t offset, i, guest_offset;
1012 
1013     if (!virtio_net_can_receive(nc)) {
1014         return -1;
1015     }
1016 
1017     /* hdr_len refers to the header we supply to the guest */
1018     if (!virtio_net_has_buffers(q, size + n->guest_hdr_len - n->host_hdr_len)) {
1019         return 0;
1020     }
1021 
1022     if (!receive_filter(n, buf, size))
1023         return size;
1024 
1025     offset = i = 0;
1026 
1027     while (offset < size) {
1028         VirtQueueElement elem;
1029         int len, total;
1030         const struct iovec *sg = elem.in_sg;
1031 
1032         total = 0;
1033 
1034         if (virtqueue_pop(q->rx_vq, &elem) == 0) {
1035             if (i == 0)
1036                 return -1;
1037             error_report("virtio-net unexpected empty queue: "
1038                     "i %zd mergeable %d offset %zd, size %zd, "
1039                     "guest hdr len %zd, host hdr len %zd guest features 0x%x",
1040                     i, n->mergeable_rx_bufs, offset, size,
1041                     n->guest_hdr_len, n->host_hdr_len, vdev->guest_features);
1042             exit(1);
1043         }
1044 
1045         if (elem.in_num < 1) {
1046             error_report("virtio-net receive queue contains no in buffers");
1047             exit(1);
1048         }
1049 
1050         if (i == 0) {
1051             assert(offset == 0);
1052             if (n->mergeable_rx_bufs) {
1053                 mhdr_cnt = iov_copy(mhdr_sg, ARRAY_SIZE(mhdr_sg),
1054                                     sg, elem.in_num,
1055                                     offsetof(typeof(mhdr), num_buffers),
1056                                     sizeof(mhdr.num_buffers));
1057             }
1058 
1059             receive_header(n, sg, elem.in_num, buf, size);
1060             offset = n->host_hdr_len;
1061             total += n->guest_hdr_len;
1062             guest_offset = n->guest_hdr_len;
1063         } else {
1064             guest_offset = 0;
1065         }
1066 
1067         /* copy in packet.  ugh */
1068         len = iov_from_buf(sg, elem.in_num, guest_offset,
1069                            buf + offset, size - offset);
1070         total += len;
1071         offset += len;
1072         /* If buffers can't be merged, at this point we
1073          * must have consumed the complete packet.
1074          * Otherwise, drop it. */
1075         if (!n->mergeable_rx_bufs && offset < size) {
1076 #if 0
1077             error_report("virtio-net truncated non-mergeable packet: "
1078                          "i %zd mergeable %d offset %zd, size %zd, "
1079                          "guest hdr len %zd, host hdr len %zd",
1080                          i, n->mergeable_rx_bufs,
1081                          offset, size, n->guest_hdr_len, n->host_hdr_len);
1082 #endif
1083             return size;
1084         }
1085 
1086         /* signal other side */
1087         virtqueue_fill(q->rx_vq, &elem, total, i++);
1088     }
1089 
1090     if (mhdr_cnt) {
1091         virtio_stw_p(vdev, &mhdr.num_buffers, i);
1092         iov_from_buf(mhdr_sg, mhdr_cnt,
1093                      0,
1094                      &mhdr.num_buffers, sizeof mhdr.num_buffers);
1095     }
1096 
1097     virtqueue_flush(q->rx_vq, i);
1098     virtio_notify(vdev, q->rx_vq);
1099 
1100     return size;
1101 }
1102 
1103 static int32_t virtio_net_flush_tx(VirtIONetQueue *q);
1104 
1105 static void virtio_net_tx_complete(NetClientState *nc, ssize_t len)
1106 {
1107     VirtIONet *n = qemu_get_nic_opaque(nc);
1108     VirtIONetQueue *q = virtio_net_get_subqueue(nc);
1109     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1110 
1111     virtqueue_push(q->tx_vq, &q->async_tx.elem, 0);
1112     virtio_notify(vdev, q->tx_vq);
1113 
1114     q->async_tx.elem.out_num = q->async_tx.len = 0;
1115 
1116     virtio_queue_set_notification(q->tx_vq, 1);
1117     virtio_net_flush_tx(q);
1118 }
1119 
1120 /* TX */
1121 static int32_t virtio_net_flush_tx(VirtIONetQueue *q)
1122 {
1123     VirtIONet *n = q->n;
1124     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1125     VirtQueueElement elem;
1126     int32_t num_packets = 0;
1127     int queue_index = vq2q(virtio_get_queue_index(q->tx_vq));
1128     if (!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
1129         return num_packets;
1130     }
1131 
1132     if (q->async_tx.elem.out_num) {
1133         virtio_queue_set_notification(q->tx_vq, 0);
1134         return num_packets;
1135     }
1136 
1137     while (virtqueue_pop(q->tx_vq, &elem)) {
1138         ssize_t ret, len;
1139         unsigned int out_num = elem.out_num;
1140         struct iovec *out_sg = &elem.out_sg[0];
1141         struct iovec sg[VIRTQUEUE_MAX_SIZE];
1142 
1143         if (out_num < 1) {
1144             error_report("virtio-net header not in first element");
1145             exit(1);
1146         }
1147 
1148         if (n->has_vnet_hdr) {
1149             if (out_sg[0].iov_len < n->guest_hdr_len) {
1150                 error_report("virtio-net header incorrect");
1151                 exit(1);
1152             }
1153             virtio_net_hdr_swap(vdev, (void *) out_sg[0].iov_base);
1154         }
1155 
1156         /*
1157          * If host wants to see the guest header as is, we can
1158          * pass it on unchanged. Otherwise, copy just the parts
1159          * that host is interested in.
1160          */
1161         assert(n->host_hdr_len <= n->guest_hdr_len);
1162         if (n->host_hdr_len != n->guest_hdr_len) {
1163             unsigned sg_num = iov_copy(sg, ARRAY_SIZE(sg),
1164                                        out_sg, out_num,
1165                                        0, n->host_hdr_len);
1166             sg_num += iov_copy(sg + sg_num, ARRAY_SIZE(sg) - sg_num,
1167                              out_sg, out_num,
1168                              n->guest_hdr_len, -1);
1169             out_num = sg_num;
1170             out_sg = sg;
1171         }
1172 
1173         len = n->guest_hdr_len;
1174 
1175         ret = qemu_sendv_packet_async(qemu_get_subqueue(n->nic, queue_index),
1176                                       out_sg, out_num, virtio_net_tx_complete);
1177         if (ret == 0) {
1178             virtio_queue_set_notification(q->tx_vq, 0);
1179             q->async_tx.elem = elem;
1180             q->async_tx.len  = len;
1181             return -EBUSY;
1182         }
1183 
1184         len += ret;
1185 
1186         virtqueue_push(q->tx_vq, &elem, 0);
1187         virtio_notify(vdev, q->tx_vq);
1188 
1189         if (++num_packets >= n->tx_burst) {
1190             break;
1191         }
1192     }
1193     return num_packets;
1194 }
1195 
1196 static void virtio_net_handle_tx_timer(VirtIODevice *vdev, VirtQueue *vq)
1197 {
1198     VirtIONet *n = VIRTIO_NET(vdev);
1199     VirtIONetQueue *q = &n->vqs[vq2q(virtio_get_queue_index(vq))];
1200 
1201     /* This happens when device was stopped but VCPU wasn't. */
1202     if (!vdev->vm_running) {
1203         q->tx_waiting = 1;
1204         return;
1205     }
1206 
1207     if (q->tx_waiting) {
1208         virtio_queue_set_notification(vq, 1);
1209         timer_del(q->tx_timer);
1210         q->tx_waiting = 0;
1211         virtio_net_flush_tx(q);
1212     } else {
1213         timer_mod(q->tx_timer,
1214                        qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + n->tx_timeout);
1215         q->tx_waiting = 1;
1216         virtio_queue_set_notification(vq, 0);
1217     }
1218 }
1219 
1220 static void virtio_net_handle_tx_bh(VirtIODevice *vdev, VirtQueue *vq)
1221 {
1222     VirtIONet *n = VIRTIO_NET(vdev);
1223     VirtIONetQueue *q = &n->vqs[vq2q(virtio_get_queue_index(vq))];
1224 
1225     if (unlikely(q->tx_waiting)) {
1226         return;
1227     }
1228     q->tx_waiting = 1;
1229     /* This happens when device was stopped but VCPU wasn't. */
1230     if (!vdev->vm_running) {
1231         return;
1232     }
1233     virtio_queue_set_notification(vq, 0);
1234     qemu_bh_schedule(q->tx_bh);
1235 }
1236 
1237 static void virtio_net_tx_timer(void *opaque)
1238 {
1239     VirtIONetQueue *q = opaque;
1240     VirtIONet *n = q->n;
1241     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1242     /* This happens when device was stopped but BH wasn't. */
1243     if (!vdev->vm_running) {
1244         /* Make sure tx waiting is set, so we'll run when restarted. */
1245         assert(q->tx_waiting);
1246         return;
1247     }
1248 
1249     q->tx_waiting = 0;
1250 
1251     /* Just in case the driver is not ready on more */
1252     if (!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
1253         return;
1254     }
1255 
1256     virtio_queue_set_notification(q->tx_vq, 1);
1257     virtio_net_flush_tx(q);
1258 }
1259 
1260 static void virtio_net_tx_bh(void *opaque)
1261 {
1262     VirtIONetQueue *q = opaque;
1263     VirtIONet *n = q->n;
1264     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1265     int32_t ret;
1266 
1267     /* This happens when device was stopped but BH wasn't. */
1268     if (!vdev->vm_running) {
1269         /* Make sure tx waiting is set, so we'll run when restarted. */
1270         assert(q->tx_waiting);
1271         return;
1272     }
1273 
1274     q->tx_waiting = 0;
1275 
1276     /* Just in case the driver is not ready on more */
1277     if (unlikely(!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK))) {
1278         return;
1279     }
1280 
1281     ret = virtio_net_flush_tx(q);
1282     if (ret == -EBUSY) {
1283         return; /* Notification re-enable handled by tx_complete */
1284     }
1285 
1286     /* If we flush a full burst of packets, assume there are
1287      * more coming and immediately reschedule */
1288     if (ret >= n->tx_burst) {
1289         qemu_bh_schedule(q->tx_bh);
1290         q->tx_waiting = 1;
1291         return;
1292     }
1293 
1294     /* If less than a full burst, re-enable notification and flush
1295      * anything that may have come in while we weren't looking.  If
1296      * we find something, assume the guest is still active and reschedule */
1297     virtio_queue_set_notification(q->tx_vq, 1);
1298     if (virtio_net_flush_tx(q) > 0) {
1299         virtio_queue_set_notification(q->tx_vq, 0);
1300         qemu_bh_schedule(q->tx_bh);
1301         q->tx_waiting = 1;
1302     }
1303 }
1304 
1305 static void virtio_net_set_multiqueue(VirtIONet *n, int multiqueue)
1306 {
1307     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1308     int i, max = multiqueue ? n->max_queues : 1;
1309 
1310     n->multiqueue = multiqueue;
1311 
1312     for (i = 2; i <= n->max_queues * 2 + 1; i++) {
1313         virtio_del_queue(vdev, i);
1314     }
1315 
1316     for (i = 1; i < max; i++) {
1317         n->vqs[i].rx_vq = virtio_add_queue(vdev, 256, virtio_net_handle_rx);
1318         if (n->vqs[i].tx_timer) {
1319             n->vqs[i].tx_vq =
1320                 virtio_add_queue(vdev, 256, virtio_net_handle_tx_timer);
1321             n->vqs[i].tx_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
1322                                                    virtio_net_tx_timer,
1323                                                    &n->vqs[i]);
1324         } else {
1325             n->vqs[i].tx_vq =
1326                 virtio_add_queue(vdev, 256, virtio_net_handle_tx_bh);
1327             n->vqs[i].tx_bh = qemu_bh_new(virtio_net_tx_bh, &n->vqs[i]);
1328         }
1329 
1330         n->vqs[i].tx_waiting = 0;
1331         n->vqs[i].n = n;
1332     }
1333 
1334     /* Note: Minux Guests (version 3.2.1) use ctrl vq but don't ack
1335      * VIRTIO_NET_F_CTRL_VQ. Create ctrl vq unconditionally to avoid
1336      * breaking them.
1337      */
1338     n->ctrl_vq = virtio_add_queue(vdev, 64, virtio_net_handle_ctrl);
1339 
1340     virtio_net_set_queues(n);
1341 }
1342 
1343 static void virtio_net_save(QEMUFile *f, void *opaque)
1344 {
1345     VirtIONet *n = opaque;
1346     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1347 
1348     /* At this point, backend must be stopped, otherwise
1349      * it might keep writing to memory. */
1350     assert(!n->vhost_started);
1351     virtio_save(vdev, f);
1352 }
1353 
1354 static void virtio_net_save_device(VirtIODevice *vdev, QEMUFile *f)
1355 {
1356     VirtIONet *n = VIRTIO_NET(vdev);
1357     int i;
1358 
1359     qemu_put_buffer(f, n->mac, ETH_ALEN);
1360     qemu_put_be32(f, n->vqs[0].tx_waiting);
1361     qemu_put_be32(f, n->mergeable_rx_bufs);
1362     qemu_put_be16(f, n->status);
1363     qemu_put_byte(f, n->promisc);
1364     qemu_put_byte(f, n->allmulti);
1365     qemu_put_be32(f, n->mac_table.in_use);
1366     qemu_put_buffer(f, n->mac_table.macs, n->mac_table.in_use * ETH_ALEN);
1367     qemu_put_buffer(f, (uint8_t *)n->vlans, MAX_VLAN >> 3);
1368     qemu_put_be32(f, n->has_vnet_hdr);
1369     qemu_put_byte(f, n->mac_table.multi_overflow);
1370     qemu_put_byte(f, n->mac_table.uni_overflow);
1371     qemu_put_byte(f, n->alluni);
1372     qemu_put_byte(f, n->nomulti);
1373     qemu_put_byte(f, n->nouni);
1374     qemu_put_byte(f, n->nobcast);
1375     qemu_put_byte(f, n->has_ufo);
1376     if (n->max_queues > 1) {
1377         qemu_put_be16(f, n->max_queues);
1378         qemu_put_be16(f, n->curr_queues);
1379         for (i = 1; i < n->curr_queues; i++) {
1380             qemu_put_be32(f, n->vqs[i].tx_waiting);
1381         }
1382     }
1383 
1384     if (virtio_has_feature(vdev, VIRTIO_NET_F_CTRL_GUEST_OFFLOADS)) {
1385         qemu_put_be64(f, n->curr_guest_offloads);
1386     }
1387 }
1388 
1389 static int virtio_net_load(QEMUFile *f, void *opaque, int version_id)
1390 {
1391     VirtIONet *n = opaque;
1392     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1393 
1394     if (version_id < 2 || version_id > VIRTIO_NET_VM_VERSION)
1395         return -EINVAL;
1396 
1397     return virtio_load(vdev, f, version_id);
1398 }
1399 
1400 static int virtio_net_load_device(VirtIODevice *vdev, QEMUFile *f,
1401                                   int version_id)
1402 {
1403     VirtIONet *n = VIRTIO_NET(vdev);
1404     int i, link_down;
1405 
1406     qemu_get_buffer(f, n->mac, ETH_ALEN);
1407     n->vqs[0].tx_waiting = qemu_get_be32(f);
1408 
1409     virtio_net_set_mrg_rx_bufs(n, qemu_get_be32(f));
1410 
1411     if (version_id >= 3)
1412         n->status = qemu_get_be16(f);
1413 
1414     if (version_id >= 4) {
1415         if (version_id < 8) {
1416             n->promisc = qemu_get_be32(f);
1417             n->allmulti = qemu_get_be32(f);
1418         } else {
1419             n->promisc = qemu_get_byte(f);
1420             n->allmulti = qemu_get_byte(f);
1421         }
1422     }
1423 
1424     if (version_id >= 5) {
1425         n->mac_table.in_use = qemu_get_be32(f);
1426         /* MAC_TABLE_ENTRIES may be different from the saved image */
1427         if (n->mac_table.in_use <= MAC_TABLE_ENTRIES) {
1428             qemu_get_buffer(f, n->mac_table.macs,
1429                             n->mac_table.in_use * ETH_ALEN);
1430         } else {
1431             int64_t i;
1432 
1433             /* Overflow detected - can happen if source has a larger MAC table.
1434              * We simply set overflow flag so there's no need to maintain the
1435              * table of addresses, discard them all.
1436              * Note: 64 bit math to avoid integer overflow.
1437              */
1438             for (i = 0; i < (int64_t)n->mac_table.in_use * ETH_ALEN; ++i) {
1439                 qemu_get_byte(f);
1440             }
1441             n->mac_table.multi_overflow = n->mac_table.uni_overflow = 1;
1442             n->mac_table.in_use = 0;
1443         }
1444     }
1445 
1446     if (version_id >= 6)
1447         qemu_get_buffer(f, (uint8_t *)n->vlans, MAX_VLAN >> 3);
1448 
1449     if (version_id >= 7) {
1450         if (qemu_get_be32(f) && !peer_has_vnet_hdr(n)) {
1451             error_report("virtio-net: saved image requires vnet_hdr=on");
1452             return -1;
1453         }
1454     }
1455 
1456     if (version_id >= 9) {
1457         n->mac_table.multi_overflow = qemu_get_byte(f);
1458         n->mac_table.uni_overflow = qemu_get_byte(f);
1459     }
1460 
1461     if (version_id >= 10) {
1462         n->alluni = qemu_get_byte(f);
1463         n->nomulti = qemu_get_byte(f);
1464         n->nouni = qemu_get_byte(f);
1465         n->nobcast = qemu_get_byte(f);
1466     }
1467 
1468     if (version_id >= 11) {
1469         if (qemu_get_byte(f) && !peer_has_ufo(n)) {
1470             error_report("virtio-net: saved image requires TUN_F_UFO support");
1471             return -1;
1472         }
1473     }
1474 
1475     if (n->max_queues > 1) {
1476         if (n->max_queues != qemu_get_be16(f)) {
1477             error_report("virtio-net: different max_queues ");
1478             return -1;
1479         }
1480 
1481         n->curr_queues = qemu_get_be16(f);
1482         if (n->curr_queues > n->max_queues) {
1483             error_report("virtio-net: curr_queues %x > max_queues %x",
1484                          n->curr_queues, n->max_queues);
1485             return -1;
1486         }
1487         for (i = 1; i < n->curr_queues; i++) {
1488             n->vqs[i].tx_waiting = qemu_get_be32(f);
1489         }
1490     }
1491 
1492     if (virtio_has_feature(vdev, VIRTIO_NET_F_CTRL_GUEST_OFFLOADS)) {
1493         n->curr_guest_offloads = qemu_get_be64(f);
1494     } else {
1495         n->curr_guest_offloads = virtio_net_supported_guest_offloads(n);
1496     }
1497 
1498     if (peer_has_vnet_hdr(n)) {
1499         virtio_net_apply_guest_offloads(n);
1500     }
1501 
1502     virtio_net_set_queues(n);
1503 
1504     /* Find the first multicast entry in the saved MAC filter */
1505     for (i = 0; i < n->mac_table.in_use; i++) {
1506         if (n->mac_table.macs[i * ETH_ALEN] & 1) {
1507             break;
1508         }
1509     }
1510     n->mac_table.first_multi = i;
1511 
1512     /* nc.link_down can't be migrated, so infer link_down according
1513      * to link status bit in n->status */
1514     link_down = (n->status & VIRTIO_NET_S_LINK_UP) == 0;
1515     for (i = 0; i < n->max_queues; i++) {
1516         qemu_get_subqueue(n->nic, i)->link_down = link_down;
1517     }
1518 
1519     if (virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_ANNOUNCE) &&
1520         virtio_has_feature(vdev, VIRTIO_NET_F_CTRL_VQ)) {
1521         n->announce_counter = SELF_ANNOUNCE_ROUNDS;
1522         timer_mod(n->announce_timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL));
1523     }
1524 
1525     return 0;
1526 }
1527 
1528 static NetClientInfo net_virtio_info = {
1529     .type = NET_CLIENT_OPTIONS_KIND_NIC,
1530     .size = sizeof(NICState),
1531     .can_receive = virtio_net_can_receive,
1532     .receive = virtio_net_receive,
1533     .link_status_changed = virtio_net_set_link_status,
1534     .query_rx_filter = virtio_net_query_rxfilter,
1535 };
1536 
1537 static bool virtio_net_guest_notifier_pending(VirtIODevice *vdev, int idx)
1538 {
1539     VirtIONet *n = VIRTIO_NET(vdev);
1540     NetClientState *nc = qemu_get_subqueue(n->nic, vq2q(idx));
1541     assert(n->vhost_started);
1542     return vhost_net_virtqueue_pending(get_vhost_net(nc->peer), idx);
1543 }
1544 
1545 static void virtio_net_guest_notifier_mask(VirtIODevice *vdev, int idx,
1546                                            bool mask)
1547 {
1548     VirtIONet *n = VIRTIO_NET(vdev);
1549     NetClientState *nc = qemu_get_subqueue(n->nic, vq2q(idx));
1550     assert(n->vhost_started);
1551     vhost_net_virtqueue_mask(get_vhost_net(nc->peer),
1552                              vdev, idx, mask);
1553 }
1554 
1555 void virtio_net_set_config_size(VirtIONet *n, uint32_t host_features)
1556 {
1557     int i, config_size = 0;
1558     virtio_add_feature(&host_features, VIRTIO_NET_F_MAC);
1559     for (i = 0; feature_sizes[i].flags != 0; i++) {
1560         if (host_features & feature_sizes[i].flags) {
1561             config_size = MAX(feature_sizes[i].end, config_size);
1562         }
1563     }
1564     n->config_size = config_size;
1565 }
1566 
1567 void virtio_net_set_netclient_name(VirtIONet *n, const char *name,
1568                                    const char *type)
1569 {
1570     /*
1571      * The name can be NULL, the netclient name will be type.x.
1572      */
1573     assert(type != NULL);
1574 
1575     g_free(n->netclient_name);
1576     g_free(n->netclient_type);
1577     n->netclient_name = g_strdup(name);
1578     n->netclient_type = g_strdup(type);
1579 }
1580 
1581 static void virtio_net_device_realize(DeviceState *dev, Error **errp)
1582 {
1583     VirtIODevice *vdev = VIRTIO_DEVICE(dev);
1584     VirtIONet *n = VIRTIO_NET(dev);
1585     NetClientState *nc;
1586     int i;
1587 
1588     virtio_init(vdev, "virtio-net", VIRTIO_ID_NET, n->config_size);
1589 
1590     n->max_queues = MAX(n->nic_conf.peers.queues, 1);
1591     if (n->max_queues * 2 + 1 > VIRTIO_PCI_QUEUE_MAX) {
1592         error_setg(errp, "Invalid number of queues (= %" PRIu32 "), "
1593                    "must be a postive integer less than %d.",
1594                    n->max_queues, (VIRTIO_PCI_QUEUE_MAX - 1) / 2);
1595         virtio_cleanup(vdev);
1596         return;
1597     }
1598     n->vqs = g_malloc0(sizeof(VirtIONetQueue) * n->max_queues);
1599     n->vqs[0].rx_vq = virtio_add_queue(vdev, 256, virtio_net_handle_rx);
1600     n->curr_queues = 1;
1601     n->vqs[0].n = n;
1602     n->tx_timeout = n->net_conf.txtimer;
1603 
1604     if (n->net_conf.tx && strcmp(n->net_conf.tx, "timer")
1605                        && strcmp(n->net_conf.tx, "bh")) {
1606         error_report("virtio-net: "
1607                      "Unknown option tx=%s, valid options: \"timer\" \"bh\"",
1608                      n->net_conf.tx);
1609         error_report("Defaulting to \"bh\"");
1610     }
1611 
1612     if (n->net_conf.tx && !strcmp(n->net_conf.tx, "timer")) {
1613         n->vqs[0].tx_vq = virtio_add_queue(vdev, 256,
1614                                            virtio_net_handle_tx_timer);
1615         n->vqs[0].tx_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, virtio_net_tx_timer,
1616                                                &n->vqs[0]);
1617     } else {
1618         n->vqs[0].tx_vq = virtio_add_queue(vdev, 256,
1619                                            virtio_net_handle_tx_bh);
1620         n->vqs[0].tx_bh = qemu_bh_new(virtio_net_tx_bh, &n->vqs[0]);
1621     }
1622     n->ctrl_vq = virtio_add_queue(vdev, 64, virtio_net_handle_ctrl);
1623     qemu_macaddr_default_if_unset(&n->nic_conf.macaddr);
1624     memcpy(&n->mac[0], &n->nic_conf.macaddr, sizeof(n->mac));
1625     n->status = VIRTIO_NET_S_LINK_UP;
1626     n->announce_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL,
1627                                      virtio_net_announce_timer, n);
1628 
1629     if (n->netclient_type) {
1630         /*
1631          * Happen when virtio_net_set_netclient_name has been called.
1632          */
1633         n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf,
1634                               n->netclient_type, n->netclient_name, n);
1635     } else {
1636         n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf,
1637                               object_get_typename(OBJECT(dev)), dev->id, n);
1638     }
1639 
1640     peer_test_vnet_hdr(n);
1641     if (peer_has_vnet_hdr(n)) {
1642         for (i = 0; i < n->max_queues; i++) {
1643             qemu_using_vnet_hdr(qemu_get_subqueue(n->nic, i)->peer, true);
1644         }
1645         n->host_hdr_len = sizeof(struct virtio_net_hdr);
1646     } else {
1647         n->host_hdr_len = 0;
1648     }
1649 
1650     qemu_format_nic_info_str(qemu_get_queue(n->nic), n->nic_conf.macaddr.a);
1651 
1652     n->vqs[0].tx_waiting = 0;
1653     n->tx_burst = n->net_conf.txburst;
1654     virtio_net_set_mrg_rx_bufs(n, 0);
1655     n->promisc = 1; /* for compatibility */
1656 
1657     n->mac_table.macs = g_malloc0(MAC_TABLE_ENTRIES * ETH_ALEN);
1658 
1659     n->vlans = g_malloc0(MAX_VLAN >> 3);
1660 
1661     nc = qemu_get_queue(n->nic);
1662     nc->rxfilter_notify_enabled = 1;
1663 
1664     n->qdev = dev;
1665     register_savevm(dev, "virtio-net", -1, VIRTIO_NET_VM_VERSION,
1666                     virtio_net_save, virtio_net_load, n);
1667 }
1668 
1669 static void virtio_net_device_unrealize(DeviceState *dev, Error **errp)
1670 {
1671     VirtIODevice *vdev = VIRTIO_DEVICE(dev);
1672     VirtIONet *n = VIRTIO_NET(dev);
1673     int i;
1674 
1675     /* This will stop vhost backend if appropriate. */
1676     virtio_net_set_status(vdev, 0);
1677 
1678     unregister_savevm(dev, "virtio-net", n);
1679 
1680     g_free(n->netclient_name);
1681     n->netclient_name = NULL;
1682     g_free(n->netclient_type);
1683     n->netclient_type = NULL;
1684 
1685     g_free(n->mac_table.macs);
1686     g_free(n->vlans);
1687 
1688     for (i = 0; i < n->max_queues; i++) {
1689         VirtIONetQueue *q = &n->vqs[i];
1690         NetClientState *nc = qemu_get_subqueue(n->nic, i);
1691 
1692         qemu_purge_queued_packets(nc);
1693 
1694         if (q->tx_timer) {
1695             timer_del(q->tx_timer);
1696             timer_free(q->tx_timer);
1697         } else if (q->tx_bh) {
1698             qemu_bh_delete(q->tx_bh);
1699         }
1700     }
1701 
1702     timer_del(n->announce_timer);
1703     timer_free(n->announce_timer);
1704     g_free(n->vqs);
1705     qemu_del_nic(n->nic);
1706     virtio_cleanup(vdev);
1707 }
1708 
1709 static void virtio_net_instance_init(Object *obj)
1710 {
1711     VirtIONet *n = VIRTIO_NET(obj);
1712 
1713     /*
1714      * The default config_size is sizeof(struct virtio_net_config).
1715      * Can be overriden with virtio_net_set_config_size.
1716      */
1717     n->config_size = sizeof(struct virtio_net_config);
1718     device_add_bootindex_property(obj, &n->nic_conf.bootindex,
1719                                   "bootindex", "/ethernet-phy@0",
1720                                   DEVICE(n), NULL);
1721 }
1722 
1723 static Property virtio_net_properties[] = {
1724     DEFINE_NIC_PROPERTIES(VirtIONet, nic_conf),
1725     DEFINE_PROP_UINT32("x-txtimer", VirtIONet, net_conf.txtimer,
1726                                                TX_TIMER_INTERVAL),
1727     DEFINE_PROP_INT32("x-txburst", VirtIONet, net_conf.txburst, TX_BURST),
1728     DEFINE_PROP_STRING("tx", VirtIONet, net_conf.tx),
1729     DEFINE_PROP_END_OF_LIST(),
1730 };
1731 
1732 static void virtio_net_class_init(ObjectClass *klass, void *data)
1733 {
1734     DeviceClass *dc = DEVICE_CLASS(klass);
1735     VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
1736 
1737     dc->props = virtio_net_properties;
1738     set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
1739     vdc->realize = virtio_net_device_realize;
1740     vdc->unrealize = virtio_net_device_unrealize;
1741     vdc->get_config = virtio_net_get_config;
1742     vdc->set_config = virtio_net_set_config;
1743     vdc->get_features = virtio_net_get_features;
1744     vdc->set_features = virtio_net_set_features;
1745     vdc->bad_features = virtio_net_bad_features;
1746     vdc->reset = virtio_net_reset;
1747     vdc->set_status = virtio_net_set_status;
1748     vdc->guest_notifier_mask = virtio_net_guest_notifier_mask;
1749     vdc->guest_notifier_pending = virtio_net_guest_notifier_pending;
1750     vdc->load = virtio_net_load_device;
1751     vdc->save = virtio_net_save_device;
1752 }
1753 
1754 static const TypeInfo virtio_net_info = {
1755     .name = TYPE_VIRTIO_NET,
1756     .parent = TYPE_VIRTIO_DEVICE,
1757     .instance_size = sizeof(VirtIONet),
1758     .instance_init = virtio_net_instance_init,
1759     .class_init = virtio_net_class_init,
1760 };
1761 
1762 static void virtio_register_types(void)
1763 {
1764     type_register_static(&virtio_net_info);
1765 }
1766 
1767 type_init(virtio_register_types)
1768