xref: /openbmc/qemu/hw/net/virtio-net.c (revision f6bda9cb)
1 /*
2  * Virtio Network Device
3  *
4  * Copyright IBM, Corp. 2007
5  *
6  * Authors:
7  *  Anthony Liguori   <aliguori@us.ibm.com>
8  *
9  * This work is licensed under the terms of the GNU GPL, version 2.  See
10  * the COPYING file in the top-level directory.
11  *
12  */
13 
14 #include "qemu/iov.h"
15 #include "hw/virtio/virtio.h"
16 #include "net/net.h"
17 #include "net/checksum.h"
18 #include "net/tap.h"
19 #include "qemu/error-report.h"
20 #include "qemu/timer.h"
21 #include "hw/virtio/virtio-net.h"
22 #include "net/vhost_net.h"
23 #include "hw/virtio/virtio-bus.h"
24 #include "qapi/qmp/qjson.h"
25 #include "monitor/monitor.h"
26 
27 #define VIRTIO_NET_VM_VERSION    11
28 
29 #define MAC_TABLE_ENTRIES    64
30 #define MAX_VLAN    (1 << 12)   /* Per 802.1Q definition */
31 
32 /*
33  * Calculate the number of bytes up to and including the given 'field' of
34  * 'container'.
35  */
36 #define endof(container, field) \
37     (offsetof(container, field) + sizeof(((container *)0)->field))
38 
39 typedef struct VirtIOFeature {
40     uint32_t flags;
41     size_t end;
42 } VirtIOFeature;
43 
44 static VirtIOFeature feature_sizes[] = {
45     {.flags = 1 << VIRTIO_NET_F_MAC,
46      .end = endof(struct virtio_net_config, mac)},
47     {.flags = 1 << VIRTIO_NET_F_STATUS,
48      .end = endof(struct virtio_net_config, status)},
49     {.flags = 1 << VIRTIO_NET_F_MQ,
50      .end = endof(struct virtio_net_config, max_virtqueue_pairs)},
51     {}
52 };
53 
54 static VirtIONetQueue *virtio_net_get_subqueue(NetClientState *nc)
55 {
56     VirtIONet *n = qemu_get_nic_opaque(nc);
57 
58     return &n->vqs[nc->queue_index];
59 }
60 
61 static int vq2q(int queue_index)
62 {
63     return queue_index / 2;
64 }
65 
66 /* TODO
67  * - we could suppress RX interrupt if we were so inclined.
68  */
69 
70 static void virtio_net_get_config(VirtIODevice *vdev, uint8_t *config)
71 {
72     VirtIONet *n = VIRTIO_NET(vdev);
73     struct virtio_net_config netcfg;
74 
75     stw_p(&netcfg.status, n->status);
76     stw_p(&netcfg.max_virtqueue_pairs, n->max_queues);
77     memcpy(netcfg.mac, n->mac, ETH_ALEN);
78     memcpy(config, &netcfg, n->config_size);
79 }
80 
81 static void virtio_net_set_config(VirtIODevice *vdev, const uint8_t *config)
82 {
83     VirtIONet *n = VIRTIO_NET(vdev);
84     struct virtio_net_config netcfg = {};
85 
86     memcpy(&netcfg, config, n->config_size);
87 
88     if (!(vdev->guest_features >> VIRTIO_NET_F_CTRL_MAC_ADDR & 1) &&
89         memcmp(netcfg.mac, n->mac, ETH_ALEN)) {
90         memcpy(n->mac, netcfg.mac, ETH_ALEN);
91         qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac);
92     }
93 }
94 
95 static bool virtio_net_started(VirtIONet *n, uint8_t status)
96 {
97     VirtIODevice *vdev = VIRTIO_DEVICE(n);
98     return (status & VIRTIO_CONFIG_S_DRIVER_OK) &&
99         (n->status & VIRTIO_NET_S_LINK_UP) && vdev->vm_running;
100 }
101 
102 static void virtio_net_vhost_status(VirtIONet *n, uint8_t status)
103 {
104     VirtIODevice *vdev = VIRTIO_DEVICE(n);
105     NetClientState *nc = qemu_get_queue(n->nic);
106     int queues = n->multiqueue ? n->max_queues : 1;
107 
108     if (!nc->peer) {
109         return;
110     }
111     if (nc->peer->info->type != NET_CLIENT_OPTIONS_KIND_TAP) {
112         return;
113     }
114 
115     if (!tap_get_vhost_net(nc->peer)) {
116         return;
117     }
118 
119     if (!!n->vhost_started ==
120         (virtio_net_started(n, status) && !nc->peer->link_down)) {
121         return;
122     }
123     if (!n->vhost_started) {
124         int r;
125         if (!vhost_net_query(tap_get_vhost_net(nc->peer), vdev)) {
126             return;
127         }
128         n->vhost_started = 1;
129         r = vhost_net_start(vdev, n->nic->ncs, queues);
130         if (r < 0) {
131             error_report("unable to start vhost net: %d: "
132                          "falling back on userspace virtio", -r);
133             n->vhost_started = 0;
134         }
135     } else {
136         vhost_net_stop(vdev, n->nic->ncs, queues);
137         n->vhost_started = 0;
138     }
139 }
140 
141 static void virtio_net_set_status(struct VirtIODevice *vdev, uint8_t status)
142 {
143     VirtIONet *n = VIRTIO_NET(vdev);
144     VirtIONetQueue *q;
145     int i;
146     uint8_t queue_status;
147 
148     virtio_net_vhost_status(n, status);
149 
150     for (i = 0; i < n->max_queues; i++) {
151         q = &n->vqs[i];
152 
153         if ((!n->multiqueue && i != 0) || i >= n->curr_queues) {
154             queue_status = 0;
155         } else {
156             queue_status = status;
157         }
158 
159         if (!q->tx_waiting) {
160             continue;
161         }
162 
163         if (virtio_net_started(n, queue_status) && !n->vhost_started) {
164             if (q->tx_timer) {
165                 qemu_mod_timer(q->tx_timer,
166                                qemu_get_clock_ns(vm_clock) + n->tx_timeout);
167             } else {
168                 qemu_bh_schedule(q->tx_bh);
169             }
170         } else {
171             if (q->tx_timer) {
172                 qemu_del_timer(q->tx_timer);
173             } else {
174                 qemu_bh_cancel(q->tx_bh);
175             }
176         }
177     }
178 }
179 
180 static void virtio_net_set_link_status(NetClientState *nc)
181 {
182     VirtIONet *n = qemu_get_nic_opaque(nc);
183     VirtIODevice *vdev = VIRTIO_DEVICE(n);
184     uint16_t old_status = n->status;
185 
186     if (nc->link_down)
187         n->status &= ~VIRTIO_NET_S_LINK_UP;
188     else
189         n->status |= VIRTIO_NET_S_LINK_UP;
190 
191     if (n->status != old_status)
192         virtio_notify_config(vdev);
193 
194     virtio_net_set_status(vdev, vdev->status);
195 }
196 
197 static void rxfilter_notify(NetClientState *nc)
198 {
199     QObject *event_data;
200     VirtIONet *n = qemu_get_nic_opaque(nc);
201 
202     if (nc->rxfilter_notify_enabled) {
203         if (n->netclient_name) {
204             event_data = qobject_from_jsonf("{ 'name': %s, 'path': %s }",
205                                     n->netclient_name,
206                                     object_get_canonical_path(OBJECT(n->qdev)));
207         } else {
208             event_data = qobject_from_jsonf("{ 'path': %s }",
209                                     object_get_canonical_path(OBJECT(n->qdev)));
210         }
211         monitor_protocol_event(QEVENT_NIC_RX_FILTER_CHANGED, event_data);
212         qobject_decref(event_data);
213 
214         /* disable event notification to avoid events flooding */
215         nc->rxfilter_notify_enabled = 0;
216     }
217 }
218 
219 static char *mac_strdup_printf(const uint8_t *mac)
220 {
221     return g_strdup_printf("%.2x:%.2x:%.2x:%.2x:%.2x:%.2x", mac[0],
222                             mac[1], mac[2], mac[3], mac[4], mac[5]);
223 }
224 
225 static RxFilterInfo *virtio_net_query_rxfilter(NetClientState *nc)
226 {
227     VirtIONet *n = qemu_get_nic_opaque(nc);
228     RxFilterInfo *info;
229     strList *str_list, *entry;
230     intList *int_list, *int_entry;
231     int i, j;
232 
233     info = g_malloc0(sizeof(*info));
234     info->name = g_strdup(nc->name);
235     info->promiscuous = n->promisc;
236 
237     if (n->nouni) {
238         info->unicast = RX_STATE_NONE;
239     } else if (n->alluni) {
240         info->unicast = RX_STATE_ALL;
241     } else {
242         info->unicast = RX_STATE_NORMAL;
243     }
244 
245     if (n->nomulti) {
246         info->multicast = RX_STATE_NONE;
247     } else if (n->allmulti) {
248         info->multicast = RX_STATE_ALL;
249     } else {
250         info->multicast = RX_STATE_NORMAL;
251     }
252 
253     info->broadcast_allowed = n->nobcast;
254     info->multicast_overflow = n->mac_table.multi_overflow;
255     info->unicast_overflow = n->mac_table.uni_overflow;
256 
257     info->main_mac = mac_strdup_printf(n->mac);
258 
259     str_list = NULL;
260     for (i = 0; i < n->mac_table.first_multi; i++) {
261         entry = g_malloc0(sizeof(*entry));
262         entry->value = mac_strdup_printf(n->mac_table.macs + i * ETH_ALEN);
263         entry->next = str_list;
264         str_list = entry;
265     }
266     info->unicast_table = str_list;
267 
268     str_list = NULL;
269     for (i = n->mac_table.first_multi; i < n->mac_table.in_use; i++) {
270         entry = g_malloc0(sizeof(*entry));
271         entry->value = mac_strdup_printf(n->mac_table.macs + i * ETH_ALEN);
272         entry->next = str_list;
273         str_list = entry;
274     }
275     info->multicast_table = str_list;
276 
277     int_list = NULL;
278     for (i = 0; i < MAX_VLAN >> 5; i++) {
279         for (j = 0; n->vlans[i] && j < 0x1f; j++) {
280             if (n->vlans[i] & (1U << j)) {
281                 int_entry = g_malloc0(sizeof(*int_entry));
282                 int_entry->value = (i << 5) + j;
283                 int_entry->next = int_list;
284                 int_list = int_entry;
285             }
286         }
287     }
288     info->vlan_table = int_list;
289 
290     /* enable event notification after query */
291     nc->rxfilter_notify_enabled = 1;
292 
293     return info;
294 }
295 
296 static void virtio_net_reset(VirtIODevice *vdev)
297 {
298     VirtIONet *n = VIRTIO_NET(vdev);
299 
300     /* Reset back to compatibility mode */
301     n->promisc = 1;
302     n->allmulti = 0;
303     n->alluni = 0;
304     n->nomulti = 0;
305     n->nouni = 0;
306     n->nobcast = 0;
307     /* multiqueue is disabled by default */
308     n->curr_queues = 1;
309 
310     /* Flush any MAC and VLAN filter table state */
311     n->mac_table.in_use = 0;
312     n->mac_table.first_multi = 0;
313     n->mac_table.multi_overflow = 0;
314     n->mac_table.uni_overflow = 0;
315     memset(n->mac_table.macs, 0, MAC_TABLE_ENTRIES * ETH_ALEN);
316     memcpy(&n->mac[0], &n->nic->conf->macaddr, sizeof(n->mac));
317     memset(n->vlans, 0, MAX_VLAN >> 3);
318 }
319 
320 static void peer_test_vnet_hdr(VirtIONet *n)
321 {
322     NetClientState *nc = qemu_get_queue(n->nic);
323     if (!nc->peer) {
324         return;
325     }
326 
327     if (nc->peer->info->type != NET_CLIENT_OPTIONS_KIND_TAP) {
328         return;
329     }
330 
331     n->has_vnet_hdr = tap_has_vnet_hdr(nc->peer);
332 }
333 
334 static int peer_has_vnet_hdr(VirtIONet *n)
335 {
336     return n->has_vnet_hdr;
337 }
338 
339 static int peer_has_ufo(VirtIONet *n)
340 {
341     if (!peer_has_vnet_hdr(n))
342         return 0;
343 
344     n->has_ufo = tap_has_ufo(qemu_get_queue(n->nic)->peer);
345 
346     return n->has_ufo;
347 }
348 
349 static void virtio_net_set_mrg_rx_bufs(VirtIONet *n, int mergeable_rx_bufs)
350 {
351     int i;
352     NetClientState *nc;
353 
354     n->mergeable_rx_bufs = mergeable_rx_bufs;
355 
356     n->guest_hdr_len = n->mergeable_rx_bufs ?
357         sizeof(struct virtio_net_hdr_mrg_rxbuf) : sizeof(struct virtio_net_hdr);
358 
359     for (i = 0; i < n->max_queues; i++) {
360         nc = qemu_get_subqueue(n->nic, i);
361 
362         if (peer_has_vnet_hdr(n) &&
363             tap_has_vnet_hdr_len(nc->peer, n->guest_hdr_len)) {
364             tap_set_vnet_hdr_len(nc->peer, n->guest_hdr_len);
365             n->host_hdr_len = n->guest_hdr_len;
366         }
367     }
368 }
369 
370 static int peer_attach(VirtIONet *n, int index)
371 {
372     NetClientState *nc = qemu_get_subqueue(n->nic, index);
373 
374     if (!nc->peer) {
375         return 0;
376     }
377 
378     if (nc->peer->info->type != NET_CLIENT_OPTIONS_KIND_TAP) {
379         return 0;
380     }
381 
382     return tap_enable(nc->peer);
383 }
384 
385 static int peer_detach(VirtIONet *n, int index)
386 {
387     NetClientState *nc = qemu_get_subqueue(n->nic, index);
388 
389     if (!nc->peer) {
390         return 0;
391     }
392 
393     if (nc->peer->info->type !=  NET_CLIENT_OPTIONS_KIND_TAP) {
394         return 0;
395     }
396 
397     return tap_disable(nc->peer);
398 }
399 
400 static void virtio_net_set_queues(VirtIONet *n)
401 {
402     int i;
403 
404     for (i = 0; i < n->max_queues; i++) {
405         if (i < n->curr_queues) {
406             assert(!peer_attach(n, i));
407         } else {
408             assert(!peer_detach(n, i));
409         }
410     }
411 }
412 
413 static void virtio_net_set_multiqueue(VirtIONet *n, int multiqueue);
414 
415 static uint32_t virtio_net_get_features(VirtIODevice *vdev, uint32_t features)
416 {
417     VirtIONet *n = VIRTIO_NET(vdev);
418     NetClientState *nc = qemu_get_queue(n->nic);
419 
420     features |= (1 << VIRTIO_NET_F_MAC);
421 
422     if (!peer_has_vnet_hdr(n)) {
423         features &= ~(0x1 << VIRTIO_NET_F_CSUM);
424         features &= ~(0x1 << VIRTIO_NET_F_HOST_TSO4);
425         features &= ~(0x1 << VIRTIO_NET_F_HOST_TSO6);
426         features &= ~(0x1 << VIRTIO_NET_F_HOST_ECN);
427 
428         features &= ~(0x1 << VIRTIO_NET_F_GUEST_CSUM);
429         features &= ~(0x1 << VIRTIO_NET_F_GUEST_TSO4);
430         features &= ~(0x1 << VIRTIO_NET_F_GUEST_TSO6);
431         features &= ~(0x1 << VIRTIO_NET_F_GUEST_ECN);
432     }
433 
434     if (!peer_has_vnet_hdr(n) || !peer_has_ufo(n)) {
435         features &= ~(0x1 << VIRTIO_NET_F_GUEST_UFO);
436         features &= ~(0x1 << VIRTIO_NET_F_HOST_UFO);
437     }
438 
439     if (!nc->peer || nc->peer->info->type != NET_CLIENT_OPTIONS_KIND_TAP) {
440         return features;
441     }
442     if (!tap_get_vhost_net(nc->peer)) {
443         return features;
444     }
445     return vhost_net_get_features(tap_get_vhost_net(nc->peer), features);
446 }
447 
448 static uint32_t virtio_net_bad_features(VirtIODevice *vdev)
449 {
450     uint32_t features = 0;
451 
452     /* Linux kernel 2.6.25.  It understood MAC (as everyone must),
453      * but also these: */
454     features |= (1 << VIRTIO_NET_F_MAC);
455     features |= (1 << VIRTIO_NET_F_CSUM);
456     features |= (1 << VIRTIO_NET_F_HOST_TSO4);
457     features |= (1 << VIRTIO_NET_F_HOST_TSO6);
458     features |= (1 << VIRTIO_NET_F_HOST_ECN);
459 
460     return features;
461 }
462 
463 static void virtio_net_apply_guest_offloads(VirtIONet *n)
464 {
465     tap_set_offload(qemu_get_subqueue(n->nic, 0)->peer,
466             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_CSUM)),
467             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_TSO4)),
468             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_TSO6)),
469             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_ECN)),
470             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_UFO)));
471 }
472 
473 static uint64_t virtio_net_guest_offloads_by_features(uint32_t features)
474 {
475     static const uint64_t guest_offloads_mask =
476         (1ULL << VIRTIO_NET_F_GUEST_CSUM) |
477         (1ULL << VIRTIO_NET_F_GUEST_TSO4) |
478         (1ULL << VIRTIO_NET_F_GUEST_TSO6) |
479         (1ULL << VIRTIO_NET_F_GUEST_ECN)  |
480         (1ULL << VIRTIO_NET_F_GUEST_UFO);
481 
482     return guest_offloads_mask & features;
483 }
484 
485 static inline uint64_t virtio_net_supported_guest_offloads(VirtIONet *n)
486 {
487     VirtIODevice *vdev = VIRTIO_DEVICE(n);
488     return virtio_net_guest_offloads_by_features(vdev->guest_features);
489 }
490 
491 static void virtio_net_set_features(VirtIODevice *vdev, uint32_t features)
492 {
493     VirtIONet *n = VIRTIO_NET(vdev);
494     int i;
495 
496     virtio_net_set_multiqueue(n, !!(features & (1 << VIRTIO_NET_F_MQ)));
497 
498     virtio_net_set_mrg_rx_bufs(n, !!(features & (1 << VIRTIO_NET_F_MRG_RXBUF)));
499 
500     if (n->has_vnet_hdr) {
501         n->curr_guest_offloads =
502             virtio_net_guest_offloads_by_features(features);
503         virtio_net_apply_guest_offloads(n);
504     }
505 
506     for (i = 0;  i < n->max_queues; i++) {
507         NetClientState *nc = qemu_get_subqueue(n->nic, i);
508 
509         if (!nc->peer || nc->peer->info->type != NET_CLIENT_OPTIONS_KIND_TAP) {
510             continue;
511         }
512         if (!tap_get_vhost_net(nc->peer)) {
513             continue;
514         }
515         vhost_net_ack_features(tap_get_vhost_net(nc->peer), features);
516     }
517 }
518 
519 static int virtio_net_handle_rx_mode(VirtIONet *n, uint8_t cmd,
520                                      struct iovec *iov, unsigned int iov_cnt)
521 {
522     uint8_t on;
523     size_t s;
524     NetClientState *nc = qemu_get_queue(n->nic);
525 
526     s = iov_to_buf(iov, iov_cnt, 0, &on, sizeof(on));
527     if (s != sizeof(on)) {
528         return VIRTIO_NET_ERR;
529     }
530 
531     if (cmd == VIRTIO_NET_CTRL_RX_PROMISC) {
532         n->promisc = on;
533     } else if (cmd == VIRTIO_NET_CTRL_RX_ALLMULTI) {
534         n->allmulti = on;
535     } else if (cmd == VIRTIO_NET_CTRL_RX_ALLUNI) {
536         n->alluni = on;
537     } else if (cmd == VIRTIO_NET_CTRL_RX_NOMULTI) {
538         n->nomulti = on;
539     } else if (cmd == VIRTIO_NET_CTRL_RX_NOUNI) {
540         n->nouni = on;
541     } else if (cmd == VIRTIO_NET_CTRL_RX_NOBCAST) {
542         n->nobcast = on;
543     } else {
544         return VIRTIO_NET_ERR;
545     }
546 
547     rxfilter_notify(nc);
548 
549     return VIRTIO_NET_OK;
550 }
551 
552 static int virtio_net_handle_offloads(VirtIONet *n, uint8_t cmd,
553                                      struct iovec *iov, unsigned int iov_cnt)
554 {
555     VirtIODevice *vdev = VIRTIO_DEVICE(n);
556     uint64_t offloads;
557     size_t s;
558 
559     if (!((1 << VIRTIO_NET_F_CTRL_GUEST_OFFLOADS) & vdev->guest_features)) {
560         return VIRTIO_NET_ERR;
561     }
562 
563     s = iov_to_buf(iov, iov_cnt, 0, &offloads, sizeof(offloads));
564     if (s != sizeof(offloads)) {
565         return VIRTIO_NET_ERR;
566     }
567 
568     if (cmd == VIRTIO_NET_CTRL_GUEST_OFFLOADS_SET) {
569         uint64_t supported_offloads;
570 
571         if (!n->has_vnet_hdr) {
572             return VIRTIO_NET_ERR;
573         }
574 
575         supported_offloads = virtio_net_supported_guest_offloads(n);
576         if (offloads & ~supported_offloads) {
577             return VIRTIO_NET_ERR;
578         }
579 
580         n->curr_guest_offloads = offloads;
581         virtio_net_apply_guest_offloads(n);
582 
583         return VIRTIO_NET_OK;
584     } else {
585         return VIRTIO_NET_ERR;
586     }
587 }
588 
589 static int virtio_net_handle_mac(VirtIONet *n, uint8_t cmd,
590                                  struct iovec *iov, unsigned int iov_cnt)
591 {
592     struct virtio_net_ctrl_mac mac_data;
593     size_t s;
594     NetClientState *nc = qemu_get_queue(n->nic);
595 
596     if (cmd == VIRTIO_NET_CTRL_MAC_ADDR_SET) {
597         if (iov_size(iov, iov_cnt) != sizeof(n->mac)) {
598             return VIRTIO_NET_ERR;
599         }
600         s = iov_to_buf(iov, iov_cnt, 0, &n->mac, sizeof(n->mac));
601         assert(s == sizeof(n->mac));
602         qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac);
603         rxfilter_notify(nc);
604 
605         return VIRTIO_NET_OK;
606     }
607 
608     if (cmd != VIRTIO_NET_CTRL_MAC_TABLE_SET) {
609         return VIRTIO_NET_ERR;
610     }
611 
612     n->mac_table.in_use = 0;
613     n->mac_table.first_multi = 0;
614     n->mac_table.uni_overflow = 0;
615     n->mac_table.multi_overflow = 0;
616     memset(n->mac_table.macs, 0, MAC_TABLE_ENTRIES * ETH_ALEN);
617 
618     s = iov_to_buf(iov, iov_cnt, 0, &mac_data.entries,
619                    sizeof(mac_data.entries));
620     mac_data.entries = ldl_p(&mac_data.entries);
621     if (s != sizeof(mac_data.entries)) {
622         goto error;
623     }
624     iov_discard_front(&iov, &iov_cnt, s);
625 
626     if (mac_data.entries * ETH_ALEN > iov_size(iov, iov_cnt)) {
627         goto error;
628     }
629 
630     if (mac_data.entries <= MAC_TABLE_ENTRIES) {
631         s = iov_to_buf(iov, iov_cnt, 0, n->mac_table.macs,
632                        mac_data.entries * ETH_ALEN);
633         if (s != mac_data.entries * ETH_ALEN) {
634             goto error;
635         }
636         n->mac_table.in_use += mac_data.entries;
637     } else {
638         n->mac_table.uni_overflow = 1;
639     }
640 
641     iov_discard_front(&iov, &iov_cnt, mac_data.entries * ETH_ALEN);
642 
643     n->mac_table.first_multi = n->mac_table.in_use;
644 
645     s = iov_to_buf(iov, iov_cnt, 0, &mac_data.entries,
646                    sizeof(mac_data.entries));
647     mac_data.entries = ldl_p(&mac_data.entries);
648     if (s != sizeof(mac_data.entries)) {
649         goto error;
650     }
651 
652     iov_discard_front(&iov, &iov_cnt, s);
653 
654     if (mac_data.entries * ETH_ALEN != iov_size(iov, iov_cnt)) {
655         goto error;
656     }
657 
658     if (n->mac_table.in_use + mac_data.entries <= MAC_TABLE_ENTRIES) {
659         s = iov_to_buf(iov, iov_cnt, 0, n->mac_table.macs,
660                        mac_data.entries * ETH_ALEN);
661         if (s != mac_data.entries * ETH_ALEN) {
662             goto error;
663         }
664         n->mac_table.in_use += mac_data.entries;
665     } else {
666         n->mac_table.multi_overflow = 1;
667     }
668 
669     rxfilter_notify(nc);
670 
671     return VIRTIO_NET_OK;
672 
673 error:
674     rxfilter_notify(nc);
675     return VIRTIO_NET_ERR;
676 }
677 
678 static int virtio_net_handle_vlan_table(VirtIONet *n, uint8_t cmd,
679                                         struct iovec *iov, unsigned int iov_cnt)
680 {
681     uint16_t vid;
682     size_t s;
683     NetClientState *nc = qemu_get_queue(n->nic);
684 
685     s = iov_to_buf(iov, iov_cnt, 0, &vid, sizeof(vid));
686     vid = lduw_p(&vid);
687     if (s != sizeof(vid)) {
688         return VIRTIO_NET_ERR;
689     }
690 
691     if (vid >= MAX_VLAN)
692         return VIRTIO_NET_ERR;
693 
694     if (cmd == VIRTIO_NET_CTRL_VLAN_ADD)
695         n->vlans[vid >> 5] |= (1U << (vid & 0x1f));
696     else if (cmd == VIRTIO_NET_CTRL_VLAN_DEL)
697         n->vlans[vid >> 5] &= ~(1U << (vid & 0x1f));
698     else
699         return VIRTIO_NET_ERR;
700 
701     rxfilter_notify(nc);
702 
703     return VIRTIO_NET_OK;
704 }
705 
706 static int virtio_net_handle_mq(VirtIONet *n, uint8_t cmd,
707                                 struct iovec *iov, unsigned int iov_cnt)
708 {
709     VirtIODevice *vdev = VIRTIO_DEVICE(n);
710     struct virtio_net_ctrl_mq mq;
711     size_t s;
712     uint16_t queues;
713 
714     s = iov_to_buf(iov, iov_cnt, 0, &mq, sizeof(mq));
715     if (s != sizeof(mq)) {
716         return VIRTIO_NET_ERR;
717     }
718 
719     if (cmd != VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET) {
720         return VIRTIO_NET_ERR;
721     }
722 
723     queues = lduw_p(&mq.virtqueue_pairs);
724 
725     if (queues < VIRTIO_NET_CTRL_MQ_VQ_PAIRS_MIN ||
726         queues > VIRTIO_NET_CTRL_MQ_VQ_PAIRS_MAX ||
727         queues > n->max_queues ||
728         !n->multiqueue) {
729         return VIRTIO_NET_ERR;
730     }
731 
732     n->curr_queues = queues;
733     /* stop the backend before changing the number of queues to avoid handling a
734      * disabled queue */
735     virtio_net_set_status(vdev, vdev->status);
736     virtio_net_set_queues(n);
737 
738     return VIRTIO_NET_OK;
739 }
740 static void virtio_net_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
741 {
742     VirtIONet *n = VIRTIO_NET(vdev);
743     struct virtio_net_ctrl_hdr ctrl;
744     virtio_net_ctrl_ack status = VIRTIO_NET_ERR;
745     VirtQueueElement elem;
746     size_t s;
747     struct iovec *iov;
748     unsigned int iov_cnt;
749 
750     while (virtqueue_pop(vq, &elem)) {
751         if (iov_size(elem.in_sg, elem.in_num) < sizeof(status) ||
752             iov_size(elem.out_sg, elem.out_num) < sizeof(ctrl)) {
753             error_report("virtio-net ctrl missing headers");
754             exit(1);
755         }
756 
757         iov = elem.out_sg;
758         iov_cnt = elem.out_num;
759         s = iov_to_buf(iov, iov_cnt, 0, &ctrl, sizeof(ctrl));
760         iov_discard_front(&iov, &iov_cnt, sizeof(ctrl));
761         if (s != sizeof(ctrl)) {
762             status = VIRTIO_NET_ERR;
763         } else if (ctrl.class == VIRTIO_NET_CTRL_RX) {
764             status = virtio_net_handle_rx_mode(n, ctrl.cmd, iov, iov_cnt);
765         } else if (ctrl.class == VIRTIO_NET_CTRL_MAC) {
766             status = virtio_net_handle_mac(n, ctrl.cmd, iov, iov_cnt);
767         } else if (ctrl.class == VIRTIO_NET_CTRL_VLAN) {
768             status = virtio_net_handle_vlan_table(n, ctrl.cmd, iov, iov_cnt);
769         } else if (ctrl.class == VIRTIO_NET_CTRL_MQ) {
770             status = virtio_net_handle_mq(n, ctrl.cmd, iov, iov_cnt);
771         } else if (ctrl.class == VIRTIO_NET_CTRL_GUEST_OFFLOADS) {
772             status = virtio_net_handle_offloads(n, ctrl.cmd, iov, iov_cnt);
773         }
774 
775         s = iov_from_buf(elem.in_sg, elem.in_num, 0, &status, sizeof(status));
776         assert(s == sizeof(status));
777 
778         virtqueue_push(vq, &elem, sizeof(status));
779         virtio_notify(vdev, vq);
780     }
781 }
782 
783 /* RX */
784 
785 static void virtio_net_handle_rx(VirtIODevice *vdev, VirtQueue *vq)
786 {
787     VirtIONet *n = VIRTIO_NET(vdev);
788     int queue_index = vq2q(virtio_get_queue_index(vq));
789 
790     qemu_flush_queued_packets(qemu_get_subqueue(n->nic, queue_index));
791 }
792 
793 static int virtio_net_can_receive(NetClientState *nc)
794 {
795     VirtIONet *n = qemu_get_nic_opaque(nc);
796     VirtIODevice *vdev = VIRTIO_DEVICE(n);
797     VirtIONetQueue *q = virtio_net_get_subqueue(nc);
798 
799     if (!vdev->vm_running) {
800         return 0;
801     }
802 
803     if (nc->queue_index >= n->curr_queues) {
804         return 0;
805     }
806 
807     if (!virtio_queue_ready(q->rx_vq) ||
808         !(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
809         return 0;
810     }
811 
812     return 1;
813 }
814 
815 static int virtio_net_has_buffers(VirtIONetQueue *q, int bufsize)
816 {
817     VirtIONet *n = q->n;
818     if (virtio_queue_empty(q->rx_vq) ||
819         (n->mergeable_rx_bufs &&
820          !virtqueue_avail_bytes(q->rx_vq, bufsize, 0))) {
821         virtio_queue_set_notification(q->rx_vq, 1);
822 
823         /* To avoid a race condition where the guest has made some buffers
824          * available after the above check but before notification was
825          * enabled, check for available buffers again.
826          */
827         if (virtio_queue_empty(q->rx_vq) ||
828             (n->mergeable_rx_bufs &&
829              !virtqueue_avail_bytes(q->rx_vq, bufsize, 0))) {
830             return 0;
831         }
832     }
833 
834     virtio_queue_set_notification(q->rx_vq, 0);
835     return 1;
836 }
837 
838 /* dhclient uses AF_PACKET but doesn't pass auxdata to the kernel so
839  * it never finds out that the packets don't have valid checksums.  This
840  * causes dhclient to get upset.  Fedora's carried a patch for ages to
841  * fix this with Xen but it hasn't appeared in an upstream release of
842  * dhclient yet.
843  *
844  * To avoid breaking existing guests, we catch udp packets and add
845  * checksums.  This is terrible but it's better than hacking the guest
846  * kernels.
847  *
848  * N.B. if we introduce a zero-copy API, this operation is no longer free so
849  * we should provide a mechanism to disable it to avoid polluting the host
850  * cache.
851  */
852 static void work_around_broken_dhclient(struct virtio_net_hdr *hdr,
853                                         uint8_t *buf, size_t size)
854 {
855     if ((hdr->flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) && /* missing csum */
856         (size > 27 && size < 1500) && /* normal sized MTU */
857         (buf[12] == 0x08 && buf[13] == 0x00) && /* ethertype == IPv4 */
858         (buf[23] == 17) && /* ip.protocol == UDP */
859         (buf[34] == 0 && buf[35] == 67)) { /* udp.srcport == bootps */
860         net_checksum_calculate(buf, size);
861         hdr->flags &= ~VIRTIO_NET_HDR_F_NEEDS_CSUM;
862     }
863 }
864 
865 static void receive_header(VirtIONet *n, const struct iovec *iov, int iov_cnt,
866                            const void *buf, size_t size)
867 {
868     if (n->has_vnet_hdr) {
869         /* FIXME this cast is evil */
870         void *wbuf = (void *)buf;
871         work_around_broken_dhclient(wbuf, wbuf + n->host_hdr_len,
872                                     size - n->host_hdr_len);
873         iov_from_buf(iov, iov_cnt, 0, buf, sizeof(struct virtio_net_hdr));
874     } else {
875         struct virtio_net_hdr hdr = {
876             .flags = 0,
877             .gso_type = VIRTIO_NET_HDR_GSO_NONE
878         };
879         iov_from_buf(iov, iov_cnt, 0, &hdr, sizeof hdr);
880     }
881 }
882 
883 static int receive_filter(VirtIONet *n, const uint8_t *buf, int size)
884 {
885     static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
886     static const uint8_t vlan[] = {0x81, 0x00};
887     uint8_t *ptr = (uint8_t *)buf;
888     int i;
889 
890     if (n->promisc)
891         return 1;
892 
893     ptr += n->host_hdr_len;
894 
895     if (!memcmp(&ptr[12], vlan, sizeof(vlan))) {
896         int vid = be16_to_cpup((uint16_t *)(ptr + 14)) & 0xfff;
897         if (!(n->vlans[vid >> 5] & (1U << (vid & 0x1f))))
898             return 0;
899     }
900 
901     if (ptr[0] & 1) { // multicast
902         if (!memcmp(ptr, bcast, sizeof(bcast))) {
903             return !n->nobcast;
904         } else if (n->nomulti) {
905             return 0;
906         } else if (n->allmulti || n->mac_table.multi_overflow) {
907             return 1;
908         }
909 
910         for (i = n->mac_table.first_multi; i < n->mac_table.in_use; i++) {
911             if (!memcmp(ptr, &n->mac_table.macs[i * ETH_ALEN], ETH_ALEN)) {
912                 return 1;
913             }
914         }
915     } else { // unicast
916         if (n->nouni) {
917             return 0;
918         } else if (n->alluni || n->mac_table.uni_overflow) {
919             return 1;
920         } else if (!memcmp(ptr, n->mac, ETH_ALEN)) {
921             return 1;
922         }
923 
924         for (i = 0; i < n->mac_table.first_multi; i++) {
925             if (!memcmp(ptr, &n->mac_table.macs[i * ETH_ALEN], ETH_ALEN)) {
926                 return 1;
927             }
928         }
929     }
930 
931     return 0;
932 }
933 
934 static ssize_t virtio_net_receive(NetClientState *nc, const uint8_t *buf, size_t size)
935 {
936     VirtIONet *n = qemu_get_nic_opaque(nc);
937     VirtIONetQueue *q = virtio_net_get_subqueue(nc);
938     VirtIODevice *vdev = VIRTIO_DEVICE(n);
939     struct iovec mhdr_sg[VIRTQUEUE_MAX_SIZE];
940     struct virtio_net_hdr_mrg_rxbuf mhdr;
941     unsigned mhdr_cnt = 0;
942     size_t offset, i, guest_offset;
943 
944     if (!virtio_net_can_receive(nc)) {
945         return -1;
946     }
947 
948     /* hdr_len refers to the header we supply to the guest */
949     if (!virtio_net_has_buffers(q, size + n->guest_hdr_len - n->host_hdr_len)) {
950         return 0;
951     }
952 
953     if (!receive_filter(n, buf, size))
954         return size;
955 
956     offset = i = 0;
957 
958     while (offset < size) {
959         VirtQueueElement elem;
960         int len, total;
961         const struct iovec *sg = elem.in_sg;
962 
963         total = 0;
964 
965         if (virtqueue_pop(q->rx_vq, &elem) == 0) {
966             if (i == 0)
967                 return -1;
968             error_report("virtio-net unexpected empty queue: "
969                     "i %zd mergeable %d offset %zd, size %zd, "
970                     "guest hdr len %zd, host hdr len %zd guest features 0x%x",
971                     i, n->mergeable_rx_bufs, offset, size,
972                     n->guest_hdr_len, n->host_hdr_len, vdev->guest_features);
973             exit(1);
974         }
975 
976         if (elem.in_num < 1) {
977             error_report("virtio-net receive queue contains no in buffers");
978             exit(1);
979         }
980 
981         if (i == 0) {
982             assert(offset == 0);
983             if (n->mergeable_rx_bufs) {
984                 mhdr_cnt = iov_copy(mhdr_sg, ARRAY_SIZE(mhdr_sg),
985                                     sg, elem.in_num,
986                                     offsetof(typeof(mhdr), num_buffers),
987                                     sizeof(mhdr.num_buffers));
988             }
989 
990             receive_header(n, sg, elem.in_num, buf, size);
991             offset = n->host_hdr_len;
992             total += n->guest_hdr_len;
993             guest_offset = n->guest_hdr_len;
994         } else {
995             guest_offset = 0;
996         }
997 
998         /* copy in packet.  ugh */
999         len = iov_from_buf(sg, elem.in_num, guest_offset,
1000                            buf + offset, size - offset);
1001         total += len;
1002         offset += len;
1003         /* If buffers can't be merged, at this point we
1004          * must have consumed the complete packet.
1005          * Otherwise, drop it. */
1006         if (!n->mergeable_rx_bufs && offset < size) {
1007 #if 0
1008             error_report("virtio-net truncated non-mergeable packet: "
1009                          "i %zd mergeable %d offset %zd, size %zd, "
1010                          "guest hdr len %zd, host hdr len %zd",
1011                          i, n->mergeable_rx_bufs,
1012                          offset, size, n->guest_hdr_len, n->host_hdr_len);
1013 #endif
1014             return size;
1015         }
1016 
1017         /* signal other side */
1018         virtqueue_fill(q->rx_vq, &elem, total, i++);
1019     }
1020 
1021     if (mhdr_cnt) {
1022         stw_p(&mhdr.num_buffers, i);
1023         iov_from_buf(mhdr_sg, mhdr_cnt,
1024                      0,
1025                      &mhdr.num_buffers, sizeof mhdr.num_buffers);
1026     }
1027 
1028     virtqueue_flush(q->rx_vq, i);
1029     virtio_notify(vdev, q->rx_vq);
1030 
1031     return size;
1032 }
1033 
1034 static int32_t virtio_net_flush_tx(VirtIONetQueue *q);
1035 
1036 static void virtio_net_tx_complete(NetClientState *nc, ssize_t len)
1037 {
1038     VirtIONet *n = qemu_get_nic_opaque(nc);
1039     VirtIONetQueue *q = virtio_net_get_subqueue(nc);
1040     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1041 
1042     virtqueue_push(q->tx_vq, &q->async_tx.elem, 0);
1043     virtio_notify(vdev, q->tx_vq);
1044 
1045     q->async_tx.elem.out_num = q->async_tx.len = 0;
1046 
1047     virtio_queue_set_notification(q->tx_vq, 1);
1048     virtio_net_flush_tx(q);
1049 }
1050 
1051 /* TX */
1052 static int32_t virtio_net_flush_tx(VirtIONetQueue *q)
1053 {
1054     VirtIONet *n = q->n;
1055     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1056     VirtQueueElement elem;
1057     int32_t num_packets = 0;
1058     int queue_index = vq2q(virtio_get_queue_index(q->tx_vq));
1059     if (!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
1060         return num_packets;
1061     }
1062 
1063     assert(vdev->vm_running);
1064 
1065     if (q->async_tx.elem.out_num) {
1066         virtio_queue_set_notification(q->tx_vq, 0);
1067         return num_packets;
1068     }
1069 
1070     while (virtqueue_pop(q->tx_vq, &elem)) {
1071         ssize_t ret, len;
1072         unsigned int out_num = elem.out_num;
1073         struct iovec *out_sg = &elem.out_sg[0];
1074         struct iovec sg[VIRTQUEUE_MAX_SIZE];
1075 
1076         if (out_num < 1) {
1077             error_report("virtio-net header not in first element");
1078             exit(1);
1079         }
1080 
1081         /*
1082          * If host wants to see the guest header as is, we can
1083          * pass it on unchanged. Otherwise, copy just the parts
1084          * that host is interested in.
1085          */
1086         assert(n->host_hdr_len <= n->guest_hdr_len);
1087         if (n->host_hdr_len != n->guest_hdr_len) {
1088             unsigned sg_num = iov_copy(sg, ARRAY_SIZE(sg),
1089                                        out_sg, out_num,
1090                                        0, n->host_hdr_len);
1091             sg_num += iov_copy(sg + sg_num, ARRAY_SIZE(sg) - sg_num,
1092                              out_sg, out_num,
1093                              n->guest_hdr_len, -1);
1094             out_num = sg_num;
1095             out_sg = sg;
1096         }
1097 
1098         len = n->guest_hdr_len;
1099 
1100         ret = qemu_sendv_packet_async(qemu_get_subqueue(n->nic, queue_index),
1101                                       out_sg, out_num, virtio_net_tx_complete);
1102         if (ret == 0) {
1103             virtio_queue_set_notification(q->tx_vq, 0);
1104             q->async_tx.elem = elem;
1105             q->async_tx.len  = len;
1106             return -EBUSY;
1107         }
1108 
1109         len += ret;
1110 
1111         virtqueue_push(q->tx_vq, &elem, 0);
1112         virtio_notify(vdev, q->tx_vq);
1113 
1114         if (++num_packets >= n->tx_burst) {
1115             break;
1116         }
1117     }
1118     return num_packets;
1119 }
1120 
1121 static void virtio_net_handle_tx_timer(VirtIODevice *vdev, VirtQueue *vq)
1122 {
1123     VirtIONet *n = VIRTIO_NET(vdev);
1124     VirtIONetQueue *q = &n->vqs[vq2q(virtio_get_queue_index(vq))];
1125 
1126     /* This happens when device was stopped but VCPU wasn't. */
1127     if (!vdev->vm_running) {
1128         q->tx_waiting = 1;
1129         return;
1130     }
1131 
1132     if (q->tx_waiting) {
1133         virtio_queue_set_notification(vq, 1);
1134         qemu_del_timer(q->tx_timer);
1135         q->tx_waiting = 0;
1136         virtio_net_flush_tx(q);
1137     } else {
1138         qemu_mod_timer(q->tx_timer,
1139                        qemu_get_clock_ns(vm_clock) + n->tx_timeout);
1140         q->tx_waiting = 1;
1141         virtio_queue_set_notification(vq, 0);
1142     }
1143 }
1144 
1145 static void virtio_net_handle_tx_bh(VirtIODevice *vdev, VirtQueue *vq)
1146 {
1147     VirtIONet *n = VIRTIO_NET(vdev);
1148     VirtIONetQueue *q = &n->vqs[vq2q(virtio_get_queue_index(vq))];
1149 
1150     if (unlikely(q->tx_waiting)) {
1151         return;
1152     }
1153     q->tx_waiting = 1;
1154     /* This happens when device was stopped but VCPU wasn't. */
1155     if (!vdev->vm_running) {
1156         return;
1157     }
1158     virtio_queue_set_notification(vq, 0);
1159     qemu_bh_schedule(q->tx_bh);
1160 }
1161 
1162 static void virtio_net_tx_timer(void *opaque)
1163 {
1164     VirtIONetQueue *q = opaque;
1165     VirtIONet *n = q->n;
1166     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1167     assert(vdev->vm_running);
1168 
1169     q->tx_waiting = 0;
1170 
1171     /* Just in case the driver is not ready on more */
1172     if (!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
1173         return;
1174     }
1175 
1176     virtio_queue_set_notification(q->tx_vq, 1);
1177     virtio_net_flush_tx(q);
1178 }
1179 
1180 static void virtio_net_tx_bh(void *opaque)
1181 {
1182     VirtIONetQueue *q = opaque;
1183     VirtIONet *n = q->n;
1184     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1185     int32_t ret;
1186 
1187     assert(vdev->vm_running);
1188 
1189     q->tx_waiting = 0;
1190 
1191     /* Just in case the driver is not ready on more */
1192     if (unlikely(!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK))) {
1193         return;
1194     }
1195 
1196     ret = virtio_net_flush_tx(q);
1197     if (ret == -EBUSY) {
1198         return; /* Notification re-enable handled by tx_complete */
1199     }
1200 
1201     /* If we flush a full burst of packets, assume there are
1202      * more coming and immediately reschedule */
1203     if (ret >= n->tx_burst) {
1204         qemu_bh_schedule(q->tx_bh);
1205         q->tx_waiting = 1;
1206         return;
1207     }
1208 
1209     /* If less than a full burst, re-enable notification and flush
1210      * anything that may have come in while we weren't looking.  If
1211      * we find something, assume the guest is still active and reschedule */
1212     virtio_queue_set_notification(q->tx_vq, 1);
1213     if (virtio_net_flush_tx(q) > 0) {
1214         virtio_queue_set_notification(q->tx_vq, 0);
1215         qemu_bh_schedule(q->tx_bh);
1216         q->tx_waiting = 1;
1217     }
1218 }
1219 
1220 static void virtio_net_set_multiqueue(VirtIONet *n, int multiqueue)
1221 {
1222     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1223     int i, max = multiqueue ? n->max_queues : 1;
1224 
1225     n->multiqueue = multiqueue;
1226 
1227     for (i = 2; i <= n->max_queues * 2 + 1; i++) {
1228         virtio_del_queue(vdev, i);
1229     }
1230 
1231     for (i = 1; i < max; i++) {
1232         n->vqs[i].rx_vq = virtio_add_queue(vdev, 256, virtio_net_handle_rx);
1233         if (n->vqs[i].tx_timer) {
1234             n->vqs[i].tx_vq =
1235                 virtio_add_queue(vdev, 256, virtio_net_handle_tx_timer);
1236             n->vqs[i].tx_timer = qemu_new_timer_ns(vm_clock,
1237                                                    virtio_net_tx_timer,
1238                                                    &n->vqs[i]);
1239         } else {
1240             n->vqs[i].tx_vq =
1241                 virtio_add_queue(vdev, 256, virtio_net_handle_tx_bh);
1242             n->vqs[i].tx_bh = qemu_bh_new(virtio_net_tx_bh, &n->vqs[i]);
1243         }
1244 
1245         n->vqs[i].tx_waiting = 0;
1246         n->vqs[i].n = n;
1247     }
1248 
1249     /* Note: Minux Guests (version 3.2.1) use ctrl vq but don't ack
1250      * VIRTIO_NET_F_CTRL_VQ. Create ctrl vq unconditionally to avoid
1251      * breaking them.
1252      */
1253     n->ctrl_vq = virtio_add_queue(vdev, 64, virtio_net_handle_ctrl);
1254 
1255     virtio_net_set_queues(n);
1256 }
1257 
1258 static void virtio_net_save(QEMUFile *f, void *opaque)
1259 {
1260     int i;
1261     VirtIONet *n = opaque;
1262     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1263 
1264     /* At this point, backend must be stopped, otherwise
1265      * it might keep writing to memory. */
1266     assert(!n->vhost_started);
1267     virtio_save(vdev, f);
1268 
1269     qemu_put_buffer(f, n->mac, ETH_ALEN);
1270     qemu_put_be32(f, n->vqs[0].tx_waiting);
1271     qemu_put_be32(f, n->mergeable_rx_bufs);
1272     qemu_put_be16(f, n->status);
1273     qemu_put_byte(f, n->promisc);
1274     qemu_put_byte(f, n->allmulti);
1275     qemu_put_be32(f, n->mac_table.in_use);
1276     qemu_put_buffer(f, n->mac_table.macs, n->mac_table.in_use * ETH_ALEN);
1277     qemu_put_buffer(f, (uint8_t *)n->vlans, MAX_VLAN >> 3);
1278     qemu_put_be32(f, n->has_vnet_hdr);
1279     qemu_put_byte(f, n->mac_table.multi_overflow);
1280     qemu_put_byte(f, n->mac_table.uni_overflow);
1281     qemu_put_byte(f, n->alluni);
1282     qemu_put_byte(f, n->nomulti);
1283     qemu_put_byte(f, n->nouni);
1284     qemu_put_byte(f, n->nobcast);
1285     qemu_put_byte(f, n->has_ufo);
1286     if (n->max_queues > 1) {
1287         qemu_put_be16(f, n->max_queues);
1288         qemu_put_be16(f, n->curr_queues);
1289         for (i = 1; i < n->curr_queues; i++) {
1290             qemu_put_be32(f, n->vqs[i].tx_waiting);
1291         }
1292     }
1293 
1294     if ((1 << VIRTIO_NET_F_CTRL_GUEST_OFFLOADS) & vdev->guest_features) {
1295         qemu_put_be64(f, n->curr_guest_offloads);
1296     }
1297 }
1298 
1299 static int virtio_net_load(QEMUFile *f, void *opaque, int version_id)
1300 {
1301     VirtIONet *n = opaque;
1302     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1303     int ret, i, link_down;
1304 
1305     if (version_id < 2 || version_id > VIRTIO_NET_VM_VERSION)
1306         return -EINVAL;
1307 
1308     ret = virtio_load(vdev, f);
1309     if (ret) {
1310         return ret;
1311     }
1312 
1313     qemu_get_buffer(f, n->mac, ETH_ALEN);
1314     n->vqs[0].tx_waiting = qemu_get_be32(f);
1315 
1316     virtio_net_set_mrg_rx_bufs(n, qemu_get_be32(f));
1317 
1318     if (version_id >= 3)
1319         n->status = qemu_get_be16(f);
1320 
1321     if (version_id >= 4) {
1322         if (version_id < 8) {
1323             n->promisc = qemu_get_be32(f);
1324             n->allmulti = qemu_get_be32(f);
1325         } else {
1326             n->promisc = qemu_get_byte(f);
1327             n->allmulti = qemu_get_byte(f);
1328         }
1329     }
1330 
1331     if (version_id >= 5) {
1332         n->mac_table.in_use = qemu_get_be32(f);
1333         /* MAC_TABLE_ENTRIES may be different from the saved image */
1334         if (n->mac_table.in_use <= MAC_TABLE_ENTRIES) {
1335             qemu_get_buffer(f, n->mac_table.macs,
1336                             n->mac_table.in_use * ETH_ALEN);
1337         } else if (n->mac_table.in_use) {
1338             uint8_t *buf = g_malloc0(n->mac_table.in_use);
1339             qemu_get_buffer(f, buf, n->mac_table.in_use * ETH_ALEN);
1340             g_free(buf);
1341             n->mac_table.multi_overflow = n->mac_table.uni_overflow = 1;
1342             n->mac_table.in_use = 0;
1343         }
1344     }
1345 
1346     if (version_id >= 6)
1347         qemu_get_buffer(f, (uint8_t *)n->vlans, MAX_VLAN >> 3);
1348 
1349     if (version_id >= 7) {
1350         if (qemu_get_be32(f) && !peer_has_vnet_hdr(n)) {
1351             error_report("virtio-net: saved image requires vnet_hdr=on");
1352             return -1;
1353         }
1354     }
1355 
1356     if (version_id >= 9) {
1357         n->mac_table.multi_overflow = qemu_get_byte(f);
1358         n->mac_table.uni_overflow = qemu_get_byte(f);
1359     }
1360 
1361     if (version_id >= 10) {
1362         n->alluni = qemu_get_byte(f);
1363         n->nomulti = qemu_get_byte(f);
1364         n->nouni = qemu_get_byte(f);
1365         n->nobcast = qemu_get_byte(f);
1366     }
1367 
1368     if (version_id >= 11) {
1369         if (qemu_get_byte(f) && !peer_has_ufo(n)) {
1370             error_report("virtio-net: saved image requires TUN_F_UFO support");
1371             return -1;
1372         }
1373     }
1374 
1375     if (n->max_queues > 1) {
1376         if (n->max_queues != qemu_get_be16(f)) {
1377             error_report("virtio-net: different max_queues ");
1378             return -1;
1379         }
1380 
1381         n->curr_queues = qemu_get_be16(f);
1382         for (i = 1; i < n->curr_queues; i++) {
1383             n->vqs[i].tx_waiting = qemu_get_be32(f);
1384         }
1385     }
1386 
1387     if ((1 << VIRTIO_NET_F_CTRL_GUEST_OFFLOADS) & vdev->guest_features) {
1388         n->curr_guest_offloads = qemu_get_be64(f);
1389     } else {
1390         n->curr_guest_offloads = virtio_net_supported_guest_offloads(n);
1391     }
1392 
1393     if (peer_has_vnet_hdr(n)) {
1394         virtio_net_apply_guest_offloads(n);
1395     }
1396 
1397     virtio_net_set_queues(n);
1398 
1399     /* Find the first multicast entry in the saved MAC filter */
1400     for (i = 0; i < n->mac_table.in_use; i++) {
1401         if (n->mac_table.macs[i * ETH_ALEN] & 1) {
1402             break;
1403         }
1404     }
1405     n->mac_table.first_multi = i;
1406 
1407     /* nc.link_down can't be migrated, so infer link_down according
1408      * to link status bit in n->status */
1409     link_down = (n->status & VIRTIO_NET_S_LINK_UP) == 0;
1410     for (i = 0; i < n->max_queues; i++) {
1411         qemu_get_subqueue(n->nic, i)->link_down = link_down;
1412     }
1413 
1414     return 0;
1415 }
1416 
1417 static void virtio_net_cleanup(NetClientState *nc)
1418 {
1419     VirtIONet *n = qemu_get_nic_opaque(nc);
1420 
1421     n->nic = NULL;
1422 }
1423 
1424 static NetClientInfo net_virtio_info = {
1425     .type = NET_CLIENT_OPTIONS_KIND_NIC,
1426     .size = sizeof(NICState),
1427     .can_receive = virtio_net_can_receive,
1428     .receive = virtio_net_receive,
1429         .cleanup = virtio_net_cleanup,
1430     .link_status_changed = virtio_net_set_link_status,
1431     .query_rx_filter = virtio_net_query_rxfilter,
1432 };
1433 
1434 static bool virtio_net_guest_notifier_pending(VirtIODevice *vdev, int idx)
1435 {
1436     VirtIONet *n = VIRTIO_NET(vdev);
1437     NetClientState *nc = qemu_get_subqueue(n->nic, vq2q(idx));
1438     assert(n->vhost_started);
1439     return vhost_net_virtqueue_pending(tap_get_vhost_net(nc->peer), idx);
1440 }
1441 
1442 static void virtio_net_guest_notifier_mask(VirtIODevice *vdev, int idx,
1443                                            bool mask)
1444 {
1445     VirtIONet *n = VIRTIO_NET(vdev);
1446     NetClientState *nc = qemu_get_subqueue(n->nic, vq2q(idx));
1447     assert(n->vhost_started);
1448     vhost_net_virtqueue_mask(tap_get_vhost_net(nc->peer),
1449                              vdev, idx, mask);
1450 }
1451 
1452 void virtio_net_set_config_size(VirtIONet *n, uint32_t host_features)
1453 {
1454     int i, config_size = 0;
1455     host_features |= (1 << VIRTIO_NET_F_MAC);
1456     for (i = 0; feature_sizes[i].flags != 0; i++) {
1457         if (host_features & feature_sizes[i].flags) {
1458             config_size = MAX(feature_sizes[i].end, config_size);
1459         }
1460     }
1461     n->config_size = config_size;
1462 }
1463 
1464 void virtio_net_set_netclient_name(VirtIONet *n, const char *name,
1465                                    const char *type)
1466 {
1467     /*
1468      * The name can be NULL, the netclient name will be type.x.
1469      */
1470     assert(type != NULL);
1471 
1472     if (n->netclient_name) {
1473         g_free(n->netclient_name);
1474         n->netclient_name = NULL;
1475     }
1476     if (n->netclient_type) {
1477         g_free(n->netclient_type);
1478         n->netclient_type = NULL;
1479     }
1480 
1481     if (name != NULL) {
1482         n->netclient_name = g_strdup(name);
1483     }
1484     n->netclient_type = g_strdup(type);
1485 }
1486 
1487 static int virtio_net_device_init(VirtIODevice *vdev)
1488 {
1489     int i;
1490 
1491     DeviceState *qdev = DEVICE(vdev);
1492     VirtIONet *n = VIRTIO_NET(vdev);
1493     NetClientState *nc;
1494 
1495     virtio_init(VIRTIO_DEVICE(n), "virtio-net", VIRTIO_ID_NET,
1496                                   n->config_size);
1497 
1498     n->max_queues = MAX(n->nic_conf.queues, 1);
1499     n->vqs = g_malloc0(sizeof(VirtIONetQueue) * n->max_queues);
1500     n->vqs[0].rx_vq = virtio_add_queue(vdev, 256, virtio_net_handle_rx);
1501     n->curr_queues = 1;
1502     n->vqs[0].n = n;
1503     n->tx_timeout = n->net_conf.txtimer;
1504 
1505     if (n->net_conf.tx && strcmp(n->net_conf.tx, "timer")
1506                        && strcmp(n->net_conf.tx, "bh")) {
1507         error_report("virtio-net: "
1508                      "Unknown option tx=%s, valid options: \"timer\" \"bh\"",
1509                      n->net_conf.tx);
1510         error_report("Defaulting to \"bh\"");
1511     }
1512 
1513     if (n->net_conf.tx && !strcmp(n->net_conf.tx, "timer")) {
1514         n->vqs[0].tx_vq = virtio_add_queue(vdev, 256,
1515                                            virtio_net_handle_tx_timer);
1516         n->vqs[0].tx_timer = qemu_new_timer_ns(vm_clock, virtio_net_tx_timer,
1517                                                &n->vqs[0]);
1518     } else {
1519         n->vqs[0].tx_vq = virtio_add_queue(vdev, 256,
1520                                            virtio_net_handle_tx_bh);
1521         n->vqs[0].tx_bh = qemu_bh_new(virtio_net_tx_bh, &n->vqs[0]);
1522     }
1523     n->ctrl_vq = virtio_add_queue(vdev, 64, virtio_net_handle_ctrl);
1524     qemu_macaddr_default_if_unset(&n->nic_conf.macaddr);
1525     memcpy(&n->mac[0], &n->nic_conf.macaddr, sizeof(n->mac));
1526     n->status = VIRTIO_NET_S_LINK_UP;
1527 
1528     if (n->netclient_type) {
1529         /*
1530          * Happen when virtio_net_set_netclient_name has been called.
1531          */
1532         n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf,
1533                               n->netclient_type, n->netclient_name, n);
1534     } else {
1535         n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf,
1536                               object_get_typename(OBJECT(qdev)), qdev->id, n);
1537     }
1538 
1539     peer_test_vnet_hdr(n);
1540     if (peer_has_vnet_hdr(n)) {
1541         for (i = 0; i < n->max_queues; i++) {
1542             tap_using_vnet_hdr(qemu_get_subqueue(n->nic, i)->peer, true);
1543         }
1544         n->host_hdr_len = sizeof(struct virtio_net_hdr);
1545     } else {
1546         n->host_hdr_len = 0;
1547     }
1548 
1549     qemu_format_nic_info_str(qemu_get_queue(n->nic), n->nic_conf.macaddr.a);
1550 
1551     n->vqs[0].tx_waiting = 0;
1552     n->tx_burst = n->net_conf.txburst;
1553     virtio_net_set_mrg_rx_bufs(n, 0);
1554     n->promisc = 1; /* for compatibility */
1555 
1556     n->mac_table.macs = g_malloc0(MAC_TABLE_ENTRIES * ETH_ALEN);
1557 
1558     n->vlans = g_malloc0(MAX_VLAN >> 3);
1559 
1560     nc = qemu_get_queue(n->nic);
1561     nc->rxfilter_notify_enabled = 1;
1562 
1563     n->qdev = qdev;
1564     register_savevm(qdev, "virtio-net", -1, VIRTIO_NET_VM_VERSION,
1565                     virtio_net_save, virtio_net_load, n);
1566 
1567     add_boot_device_path(n->nic_conf.bootindex, qdev, "/ethernet-phy@0");
1568     return 0;
1569 }
1570 
1571 static int virtio_net_device_exit(DeviceState *qdev)
1572 {
1573     VirtIONet *n = VIRTIO_NET(qdev);
1574     VirtIODevice *vdev = VIRTIO_DEVICE(qdev);
1575     int i;
1576 
1577     /* This will stop vhost backend if appropriate. */
1578     virtio_net_set_status(vdev, 0);
1579 
1580     unregister_savevm(qdev, "virtio-net", n);
1581 
1582     if (n->netclient_name) {
1583         g_free(n->netclient_name);
1584         n->netclient_name = NULL;
1585     }
1586     if (n->netclient_type) {
1587         g_free(n->netclient_type);
1588         n->netclient_type = NULL;
1589     }
1590 
1591     g_free(n->mac_table.macs);
1592     g_free(n->vlans);
1593 
1594     for (i = 0; i < n->max_queues; i++) {
1595         VirtIONetQueue *q = &n->vqs[i];
1596         NetClientState *nc = qemu_get_subqueue(n->nic, i);
1597 
1598         qemu_purge_queued_packets(nc);
1599 
1600         if (q->tx_timer) {
1601             qemu_del_timer(q->tx_timer);
1602             qemu_free_timer(q->tx_timer);
1603         } else {
1604             qemu_bh_delete(q->tx_bh);
1605         }
1606     }
1607 
1608     g_free(n->vqs);
1609     qemu_del_nic(n->nic);
1610     virtio_cleanup(vdev);
1611 
1612     return 0;
1613 }
1614 
1615 static void virtio_net_instance_init(Object *obj)
1616 {
1617     VirtIONet *n = VIRTIO_NET(obj);
1618 
1619     /*
1620      * The default config_size is sizeof(struct virtio_net_config).
1621      * Can be overriden with virtio_net_set_config_size.
1622      */
1623     n->config_size = sizeof(struct virtio_net_config);
1624 }
1625 
1626 static Property virtio_net_properties[] = {
1627     DEFINE_NIC_PROPERTIES(VirtIONet, nic_conf),
1628     DEFINE_PROP_UINT32("x-txtimer", VirtIONet, net_conf.txtimer,
1629                                                TX_TIMER_INTERVAL),
1630     DEFINE_PROP_INT32("x-txburst", VirtIONet, net_conf.txburst, TX_BURST),
1631     DEFINE_PROP_STRING("tx", VirtIONet, net_conf.tx),
1632     DEFINE_PROP_END_OF_LIST(),
1633 };
1634 
1635 static void virtio_net_class_init(ObjectClass *klass, void *data)
1636 {
1637     DeviceClass *dc = DEVICE_CLASS(klass);
1638     VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
1639     dc->exit = virtio_net_device_exit;
1640     dc->props = virtio_net_properties;
1641     set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
1642     vdc->init = virtio_net_device_init;
1643     vdc->get_config = virtio_net_get_config;
1644     vdc->set_config = virtio_net_set_config;
1645     vdc->get_features = virtio_net_get_features;
1646     vdc->set_features = virtio_net_set_features;
1647     vdc->bad_features = virtio_net_bad_features;
1648     vdc->reset = virtio_net_reset;
1649     vdc->set_status = virtio_net_set_status;
1650     vdc->guest_notifier_mask = virtio_net_guest_notifier_mask;
1651     vdc->guest_notifier_pending = virtio_net_guest_notifier_pending;
1652 }
1653 
1654 static const TypeInfo virtio_net_info = {
1655     .name = TYPE_VIRTIO_NET,
1656     .parent = TYPE_VIRTIO_DEVICE,
1657     .instance_size = sizeof(VirtIONet),
1658     .instance_init = virtio_net_instance_init,
1659     .class_init = virtio_net_class_init,
1660 };
1661 
1662 static void virtio_register_types(void)
1663 {
1664     type_register_static(&virtio_net_info);
1665 }
1666 
1667 type_init(virtio_register_types)
1668