From e1d64c084b2cc7e907b4e64026d8c8dba59116f8 Mon Sep 17 00:00:00 2001
From: zhanghailiang
Date: Tue, 26 Aug 2014 16:06:17 +0800
Subject: net: Forbid dealing with packets when VM is not running
For all NICs(except virtio-net) emulated by qemu, Such as e1000, rtl8139, pcnet and ne2k_pci, Qemu can still receive packets when VM is not running. If this happened in *migration's* last PAUSE VM stage, but before the end of the migration, the new receiving packets will possibly dirty parts of RAM which has been cached in *iovec*(will be sent asynchronously) and dirty parts of new RAM which will be missed. This will lead serious network fault in VM. To avoid this, we forbid receiving packets in generic net code when VM is not running. Bug reproduction steps: (1) Start a VM which configured at least one NIC (2) In VM, open several Terminal and do *Ping IP -i 0.1* (3) Migrate the VM repeatedly between two Hosts And the *PING* command in VM will very likely fail with message: 'Destination HOST Unreachable', the NIC in VM will stay unavailable unless you run 'service network restart'
Signed-off-by: zhanghailiang
Reviewed-by: Jason Wang
Reviewed-by: Juan Quintela
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Stefan Hajnoczi
---
 net/net.c | 7 +++++++
 1 file changed, 7 insertions(+) (limited to 'net')
diff --git a/net/net.c b/net/net.c
index 6d930ea63b..962c05f6db 100644
--- a/net/net.c
+++ b/net/net.c
@@ -41,6 +41,7 @@
 #include "qapi-visit.h"
 #include "qapi/opts-visitor.h"
 #include "qapi/dealloc-visitor.h"
+#include "sysemu/sysemu.h"
 
 /* Net bridge is currently not supported for W32. */
 #if !defined(_WIN32)
@@ -452,6 +453,12 @@ void qemu_set_vnet_hdr_len(NetClientState *nc, int len)
 
 int qemu_can_send_packet(NetClientState *sender)
 {
+ int vm_running = runstate_is_running();
+
+ if (!vm_running) {
+ return 0;
+ }
+
 if (!sender->peer) {
 return 1;
 }
-- cgit v1.2.1
From 07d8084624b3f5cbde7777849147a6a3a862e90a Mon Sep 17 00:00:00 2001
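Review bot: The new guard at the top of `qemu_can_send_packet` has no comment saying why a stopped VM must refuse packets, and the `vm_running` local is read only once. I would write it as `if (!runstate_is_running()) { return 0; }` under a comment such as `/* Delivering while the VM is stopped would dirty guest RAM, e.g. after migration's final pause */`. Because the check sits ahead of the `!sender->peer` case, every sender now gets 0 while the VM is stopped; if a backend stops polling on a 0 result, something has to wake it again on resume, and nothing in this hunk does that. The function body continues outside the hunk.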
From: "Michael S. Tsirkin"
Date: Thu, 4 Sep 2014 11:39:10 +0300
Subject: net: invoke callback when purging queue
devices rely on packet callbacks eventually running, but we violate this rule whenever we purge the queue. To fix, invoke callbacks on all packets on purge. Set length to 0, this way callers can detect that this happened and re-queue if necessary.
Cc: qemu-stable@nongnu.org
Cc: Jason Wang
Signed-off-by: Michael S. Tsirkin
Acked-by: Jason Wang
Signed-off-by: Stefan Hajnoczi
---
 net/queue.c | 3 +++
 1 file changed, 3 insertions(+) (limited to 'net')
diff --git a/net/queue.c b/net/queue.c
index 859d02a136..f948318718 100644
--- a/net/queue.c
+++ b/net/queue.c
@@ -233,6 +233,9 @@ void qemu_net_queue_purge(NetQueue *queue, NetClientState *from)
 if (packet->sender == from) {
 QTAILQ_REMOVE(&queue->packets, packet, entry);
 queue->nq_count--;
+ if (packet->sent_cb) {
+ packet->sent_cb(packet->sender, 0);
+ }
 g_free(packet);
 }
 }
-- cgit v1.2.1
From ca77d85e1dbf929ae677a0bac96e9b3edd1704da Mon Sep 17 00:00:00 2001
From: "Michael S. Tsirkin"
Date: Thu, 4 Sep 2014 11:39:13 +0300
Subject: net: complete all queued packets on VM stop
This completes all packets, ensuring that callbacks will not run when VM is stopped.
Cc: qemu-stable@nongnu.org
Cc: Jason Wang
Signed-off-by: Michael S. Tsirkin
Signed-off-by: Stefan Hajnoczi
---
 net/net.c | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-) (limited to 'net')
diff --git a/net/net.c b/net/net.c
index 962c05f6db..7acc162b44 100644
--- a/net/net.c
+++ b/net/net.c
@@ -48,6 +48,7 @@
 # define CONFIG_NET_BRIDGE
 #endif
 
+static VMChangeStateEntry *net_change_state_entry;
 static QTAILQ_HEAD(, NetClientState) net_clients;
 
 const char *host_net_devices[] = {
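Review bot: `packet->sent_cb(packet->sender, 0)` is invoked while `qemu_net_queue_purge` is still walking `queue->packets`, and the commit message explicitly expects callbacks to re-queue. A callback that appends to or purges this same queue for the same sender could have its new packet visited and completed with 0 again by this loop, or could free the element the iterator holds as its next pointer; the loop header is outside the hunk, so which iteration macro is used is not visible here. A safer shape is to unlink the matching packets onto a local list first and run the callbacks after the walk, or at minimum to document the contract next to the call, e.g. `/* len 0 == dropped, not delivered; sent_cb must not modify this queue */`.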
@@ -511,7 +512,8 @@ void qemu_purge_queued_packets(NetClientState *nc)
 qemu_net_queue_purge(nc->peer->incoming_queue, nc);
 }
 
-void qemu_flush_queued_packets(NetClientState *nc)
+static
+void qemu_flush_or_purge_queued_packets(NetClientState *nc, bool purge)
 {
 nc->receive_disabled = 0;
 
@@ -525,9 +527,17 @@ void qemu_flush_queued_packets(NetClientState *nc)
 * the file descriptor (for tap, for example).
 */
 qemu_notify_event();
+ } else if (purge) {
+ /* Unable to empty the queue, purge remaining packets */
+ qemu_net_queue_purge(nc->incoming_queue, nc);
 }
 }
 
+void qemu_flush_queued_packets(NetClientState *nc)
+{
+ qemu_flush_or_purge_queued_packets(nc, false);
+}
+
 static ssize_t qemu_send_packet_async_with_flags(NetClientState *sender,
 unsigned flags,
 const uint8_t *buf, int size,
@@ -1175,6 +1185,22 @@ void qmp_set_link(const char *name, bool up, Error **errp)
 }
 }
 
+static void net_vm_change_state_handler(void *opaque, int running,
+ RunState state)
+{
+ /* Complete all queued packets, to guarantee we don't modify
+ * state later when VM is not running.
+ */
+ if (!running) {
+ NetClientState *nc;
+ NetClientState *tmp;
+
+ QTAILQ_FOREACH_SAFE(nc, &net_clients, next, tmp) {
+ qemu_flush_or_purge_queued_packets(nc, true);
+ }
+ }
+}
+
 void net_cleanup(void)
 {
 NetClientState *nc;
@@ -1190,6 +1216,8 @@ void net_cleanup(void)
 qemu_del_net_client(nc);
 }
 }
+
+ qemu_del_vm_change_state_handler(net_change_state_entry);
 }
 
 void net_check_clients(void)
@@ -1275,6 +1303,9 @@ int net_init_clients(void)
 #endif
 }
 
+ net_change_state_entry =
+ qemu_add_vm_change_state_handler(net_vm_change_state_handler, NULL);
+
 QTAILQ_INIT(&net_clients);
 
 if (qemu_opts_foreach(qemu_find_opts("netdev"), net_init_netdev, NULL, 1) == -1)
-- cgit v1.2.1
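Review bot: In the new `else if (purge)` branch, `qemu_net_queue_purge(nc->incoming_queue, nc)` passes `nc` as the sender filter, but the purge loop in net/queue.c only drops packets where `packet->sender == from`. Packets waiting on `nc->incoming_queue` were presumably queued by `nc`'s peer rather than by `nc` itself (compare the context line `qemu_net_queue_purge(nc->peer->incoming_queue, nc)` in `qemu_purge_queued_packets`), so this call likely matches nothing and the queue stays populated after the VM stops. The filter probably wants to be the peer: `qemu_net_queue_purge(nc->incoming_queue, nc->peer);`. The `if` that this `else` belongs to lies outside the hunk, so the exact condition should be confirmed against the full function.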
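Review bot: `net_vm_change_state_handler` acts only on `!running`, so nothing is done when the VM becomes runnable again. With `qemu_can_send_packet` returning 0 for the whole stopped period, any backend that turned off its read polling on that result (not visible on this page, to be confirmed per backend) would stay silent after resume until some unrelated event flushes it. Consider a `running` branch that walks `net_clients` the same way and calls `qemu_flush_queued_packets(nc)`. The header comment could also say that `opaque` and `state` are intentionally unused.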