From patchwork Thu Oct 29 03:12:27 2009
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Scott Tsai <scottt.tw@gmail.com>
X-Patchwork-Id: 37166
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [199.232.76.165])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id 5ACA8B7BC5
	for <incoming@patchwork.ozlabs.org>;
	Thu, 29 Oct 2009 14:13:04 +1100 (EST)
Received: from localhost ([127.0.0.1]:33226 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1N3LRc-00033D-NU
	for incoming@patchwork.ozlabs.org; Wed, 28 Oct 2009 23:13:00 -0400
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1N3LRA-00032p-G4
	for qemu-devel@nongnu.org; Wed, 28 Oct 2009 23:12:32 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1N3LR5-000327-Kn
	for qemu-devel@nongnu.org; Wed, 28 Oct 2009 23:12:31 -0400
Received: from [199.232.76.173] (port=56232 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1N3LR5-000324-Dz
	for qemu-devel@nongnu.org; Wed, 28 Oct 2009 23:12:27 -0400
Received: from mail-yw0-f176.google.com ([209.85.211.176]:39257)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <scottt.tw@gmail.com>) id 1N3LR5-0001Bf-5d
	for qemu-devel@nongnu.org; Wed, 28 Oct 2009 23:12:27 -0400
Received: by ywh6 with SMTP id 6so1320877ywh.4
	for <qemu-devel@nongnu.org>; Wed, 28 Oct 2009 20:12:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:content-type:cc:subject:from
	:to:in-reply-to:references:date:message-id:user-agent
	:content-transfer-encoding;
	bh=rkTxcocmMpB2zmPq2gY18/23nHubgHfmU8zpsV3fc6s=;
	b=jDCiwKu2kOoV2bUHhGvMCIAtRuh8+tOmw5v5XZSLBO8A4hq60YH7QHSpMnW4DF7kT6
	f7vWG/1GAoWHRwPHs5YbVwPU/chHsSFGiYCuYlGVluowANrEUxq8ydbdKrvv/N0uNaoQ
	GMbiZ29Y82VH51f7eH2uE27dsj+fWs7iq6Pkc=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=content-type:cc:subject:from:to:in-reply-to:references:date
	:message-id:user-agent:content-transfer-encoding;
	b=u+LVTo9157PoyMxL/63afjI6QnHTke3Pv8elnNyerjXavCf6ghXs1vxUA/KVUUxL1D
	gQO4l6fVtWZ0dekicVdcozDqeHwXFmrnx7AIO+QJFjklSqcKaIgeCr1/EMJ97sW0AGPB
	InoxeOvcgcnCvN1Cyh7OP8P4jkVSrYL4yvwJQ=
Received: by 10.90.23.3 with SMTP id 3mr2999564agw.106.1256785946238;
	Wed, 28 Oct 2009 20:12:26 -0700 (PDT)
Received: from localhost (220-136-176-197.dynamic.hinet.net
	[220.136.176.197])
	by mx.google.com with ESMTPS id 6sm717973yxg.66.2009.10.28.20.12.24
	(version=TLSv1/SSLv3 cipher=RC4-MD5);
	Wed, 28 Oct 2009 20:12:25 -0700 (PDT)
Subject: Re: [Qemu-devel] qemu-kvm-0.11 regression,
	crashes on older guests with virtio network
From: Scott Tsai <scottt.tw@gmail.com>
To: Dustin Kirkland <kirkland@canonical.com>
In-reply-to: <d9c105ea0910281222u76a61a2by3cc924e85d40a865@mail.gmail.com>
References: <d9c105ea0910281222u76a61a2by3cc924e85d40a865@mail.gmail.com>
Date: Thu, 29 Oct 2009 11:12:27 +0800
Message-Id: <1256785636-sup-215@xpc65.scottt>
User-Agent: Sup/0.9
X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer,
	2)
Cc: qemu-devel <qemu-devel@nongnu.org>, kvm <kvm@vger.kernel.org>
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Excerpts from Dustin Kirkland's message of Thu Oct 29 03:22:43 +0800 2009:
> We're tracking this issue at:
>  * https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/458521
> 
> I'll gladly review and test patches, or take pointers on where I might
> look to solve this issue.

Try the following patch against the stable-0.11 branch.
I've only just started learning about the virtio-net code but hopefully this patch points you
to the right direction.

Note that this patch just drops the packets that would have caused virtio-net 
to call exit(1).

From d48af0377f359983bff67eb9296ba040def401ec Mon Sep 17 00:00:00 2001
From: Scott Tsai <scottt.tw@gmail.com>
Date: Thu, 29 Oct 2009 10:56:12 +0800
Subject: [PATCH] virtio-net: drop large packets when no mergable_rx_bufs

see: https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/458521
---
 hw/virtio-net.c |    8 +++++++-
 hw/virtio.c     |   22 ++++++++++++++++++++++
 2 files changed, 29 insertions(+), 1 deletions(-)

diff --git a/hw/virtio-net.c b/hw/virtio-net.c
index ce8e6cb..2e6725b 100644
--- a/hw/virtio-net.c
+++ b/hw/virtio-net.c
@@ -502,6 +502,8 @@ static int receive_filter(VirtIONet *n, const uint8_t *buf, int size)
     return 0;
 }
 
+int buffer_fits_in_virtqueue_top(VirtQueue *vq, int size);
+
 static ssize_t virtio_net_receive2(VLANClientState *vc, const uint8_t *buf, size_t size, int raw)
 {
     VirtIONet *n = vc->opaque;
@@ -518,6 +520,10 @@ static ssize_t virtio_net_receive2(VLANClientState *vc, const uint8_t *buf, size
     hdr_len = n->mergeable_rx_bufs ?
         sizeof(struct virtio_net_hdr_mrg_rxbuf) : sizeof(struct virtio_net_hdr);
 
+    /* drop packet instead of truncating it */
+    if (!n->mergeable_rx_bufs && !buffer_fits_in_virtqueue_top(n->rx_vq, hdr_len + size))
+        return;
+
     offset = i = 0;
 
     while (offset < size) {
@@ -531,7 +537,7 @@ static ssize_t virtio_net_receive2(VLANClientState *vc, const uint8_t *buf, size
             virtqueue_pop(n->rx_vq, &elem) == 0) {
             if (i == 0)
                 return -1;
-            fprintf(stderr, "virtio-net truncating packet\n");
+            fprintf(stderr, "virtio-net truncating packet: mergable_rx_bufs: %d\n", n->mergeable_rx_bufs);
             exit(1);
         }
 
diff --git a/hw/virtio.c b/hw/virtio.c
index 41e7ca2..d6f5a12 100644
--- a/hw/virtio.c
+++ b/hw/virtio.c
@@ -356,6 +356,28 @@ int virtqueue_avail_bytes(VirtQueue *vq, int in_bytes, int out_bytes)
     return 0;
 }
 
+/* buffer_fits_in_virtqueue_top: returns true if a 'size' byte buffer could fit in the
+ * input descriptors that virtqueue_pop() would have returned
+ */
+int buffer_fits_in_virtqueue_top(VirtQueue *vq, int size);
+
+int buffer_fits_in_virtqueue_top(VirtQueue *vq, int size)
+{
+    unsigned int i;
+    int input_iov_len_sum;
+
+    if (!virtqueue_num_heads(vq, vq->last_avail_idx))
+        return 0;
+
+    input_iov_len_sum = 0;
+    i = virtqueue_get_head(vq, vq->last_avail_idx);
+    do {
+        if (vring_desc_flags(vq, i) & VRING_DESC_F_WRITE)
+            input_iov_len_sum += vring_desc_len(vq, i);
+    } while ((i = virtqueue_next_desc(vq, i)) != vq->vring.num);
+    return input_iov_len_sum >= size;
+}
+
 int virtqueue_pop(VirtQueue *vq, VirtQueueElement *elem)
 {
     unsigned int i, head, max;