[V4] net: Forbid dealing with packets when VM is not running

For all NICs(except virtio-net) emulated by qemu,
Such as e1000, rtl8139, pcnet and ne2k_pci,
Qemu can still receive packets when VM is not running.

If this happened in *migration's* last PAUSE VM stage, but
before the end of the migration, the new receiving packets will possibly dirty
parts of RAM which has been cached in *iovec*(will be sent asynchronously) and
dirty parts of new RAM which will be missed.
This will lead serious network fault in VM.

To avoid this, we forbid receiving packets in generic net code when
VM is not running.

Bug reproduction steps:
(1) Start a VM which configured at least one NIC
(2) In VM, open several Terminal and do *Ping IP -i 0.1*
(3) Migrate the VM repeatedly between two Hosts
And the *PING* command in VM will very likely fail with message:
'Destination HOST Unreachable', the NIC in VM will stay unavailable unless you
run 'service network restart'

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
---
 v4:
- The action of flush queued packets is unnecessary, remove this.
  (Thanks for the help of Jason Wang and Stefan). 

 v3:
- change the 'vmstate' to 'vm_running'

 v2:
- remove the superfluous check of nc->received_disabled 
---

 net/net.c | 7 +++++++
 1 file changed, 7 insertions(+)

On 08/26/2014 04:06 PM, zhanghailiang wrote:
> For all NICs(except virtio-net) emulated by qemu,
> Such as e1000, rtl8139, pcnet and ne2k_pci,
> Qemu can still receive packets when VM is not running.
>
> If this happened in *migration's* last PAUSE VM stage, but
> before the end of the migration, the new receiving packets will possibly dirty
> parts of RAM which has been cached in *iovec*(will be sent asynchronously) and
> dirty parts of new RAM which will be missed.
> This will lead serious network fault in VM.
>
> To avoid this, we forbid receiving packets in generic net code when
> VM is not running.
>
> Bug reproduction steps:
> (1) Start a VM which configured at least one NIC
> (2) In VM, open several Terminal and do *Ping IP -i 0.1*
> (3) Migrate the VM repeatedly between two Hosts
> And the *PING* command in VM will very likely fail with message:
> 'Destination HOST Unreachable', the NIC in VM will stay unavailable unless you
> run 'service network restart'
>
> Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
> ---
>  v4:
> - The action of flush queued packets is unnecessary, remove this.
>   (Thanks for the help of Jason Wang and Stefan). 
>
>  v3:
> - change the 'vmstate' to 'vm_running'
>
>  v2:
> - remove the superfluous check of nc->received_disabled 
> ---
>
>  net/net.c | 7 +++++++
>  1 file changed, 7 insertions(+)
>
> diff --git a/net/net.c b/net/net.c
> index 6d930ea..4cb92c0 100644
> --- a/net/net.c
> +++ b/net/net.c
> @@ -41,6 +41,7 @@
>  #include "qapi-visit.h"
>  #include "qapi/opts-visitor.h"
>  #include "qapi/dealloc-visitor.h"
> +#include "sysemu/sysemu.h"
>  
>  /* Net bridge is currently not supported for W32. */
>  #if !defined(_WIN32)
> @@ -452,6 +453,12 @@ void qemu_set_vnet_hdr_len(NetClientState *nc, int len)
>  
>  int qemu_can_send_packet(NetClientState *sender)
>  {
> +    int vm_running = runstate_is_running();
> +
> +    if (!vm_running) {
> +        return 0;
> +    }
> +
>      if (!sender->peer) {
>          return 1;
>      }

Reviewed-by: Jason Wang <jasowang@redhat.com>

zhanghailiang <zhang.zhanghailiang@huawei.com> wrote:
> For all NICs(except virtio-net) emulated by qemu,
> Such as e1000, rtl8139, pcnet and ne2k_pci,
> Qemu can still receive packets when VM is not running.
>
> If this happened in *migration's* last PAUSE VM stage, but
> before the end of the migration, the new receiving packets will possibly dirty
> parts of RAM which has been cached in *iovec*(will be sent asynchronously) and
> dirty parts of new RAM which will be missed.
> This will lead serious network fault in VM.
>
> To avoid this, we forbid receiving packets in generic net code when
> VM is not running.
>
> Bug reproduction steps:
> (1) Start a VM which configured at least one NIC
> (2) In VM, open several Terminal and do *Ping IP -i 0.1*
> (3) Migrate the VM repeatedly between two Hosts
> And the *PING* command in VM will very likely fail with message:
> 'Destination HOST Unreachable', the NIC in VM will stay unavailable unless you
> run 'service network restart'
>
> Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>

Reviewed-by: Juan Quintela <quintela@redhat.com>

It fixes the "collateral" issue than info migrate after migration has
ended shows a remaining ram != 0.

Thanks, Juan.

On Tue, Aug 26, 2014 at 04:06:17PM +0800, zhanghailiang wrote:
> For all NICs(except virtio-net) emulated by qemu,
> Such as e1000, rtl8139, pcnet and ne2k_pci,
> Qemu can still receive packets when VM is not running.
> 
> If this happened in *migration's* last PAUSE VM stage, but
> before the end of the migration, the new receiving packets will possibly dirty
> parts of RAM which has been cached in *iovec*(will be sent asynchronously) and
> dirty parts of new RAM which will be missed.
> This will lead serious network fault in VM.
> 
> To avoid this, we forbid receiving packets in generic net code when
> VM is not running.
> 
> Bug reproduction steps:
> (1) Start a VM which configured at least one NIC
> (2) In VM, open several Terminal and do *Ping IP -i 0.1*
> (3) Migrate the VM repeatedly between two Hosts
> And the *PING* command in VM will very likely fail with message:
> 'Destination HOST Unreachable', the NIC in VM will stay unavailable unless you
> run 'service network restart'
> 
> Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>

Reviewed-by: Michael S. Tsirkin <mst@redhat.com>

> ---
>  v4:
> - The action of flush queued packets is unnecessary, remove this.
>   (Thanks for the help of Jason Wang and Stefan). 
> 
>  v3:
> - change the 'vmstate' to 'vm_running'
> 
>  v2:
> - remove the superfluous check of nc->received_disabled 
> ---
> 
>  net/net.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/net/net.c b/net/net.c
> index 6d930ea..4cb92c0 100644
> --- a/net/net.c
> +++ b/net/net.c
> @@ -41,6 +41,7 @@
>  #include "qapi-visit.h"
>  #include "qapi/opts-visitor.h"
>  #include "qapi/dealloc-visitor.h"
> +#include "sysemu/sysemu.h"
>  
>  /* Net bridge is currently not supported for W32. */
>  #if !defined(_WIN32)
> @@ -452,6 +453,12 @@ void qemu_set_vnet_hdr_len(NetClientState *nc, int len)
>  
>  int qemu_can_send_packet(NetClientState *sender)
>  {
> +    int vm_running = runstate_is_running();
> +
> +    if (!vm_running) {
> +        return 0;
> +    }
> +
>      if (!sender->peer) {
>          return 1;
>      }
> -- 
> 1.7.12.4
>

On Wed, Aug 27, 2014 at 01:53:21PM +0200, Michael S. Tsirkin wrote:
> On Tue, Aug 26, 2014 at 04:06:17PM +0800, zhanghailiang wrote:
> > For all NICs(except virtio-net) emulated by qemu,
> > Such as e1000, rtl8139, pcnet and ne2k_pci,
> > Qemu can still receive packets when VM is not running.
> > 
> > If this happened in *migration's* last PAUSE VM stage, but
> > before the end of the migration, the new receiving packets will possibly dirty
> > parts of RAM which has been cached in *iovec*(will be sent asynchronously) and
> > dirty parts of new RAM which will be missed.
> > This will lead serious network fault in VM.
> > 
> > To avoid this, we forbid receiving packets in generic net code when
> > VM is not running.
> > 
> > Bug reproduction steps:
> > (1) Start a VM which configured at least one NIC
> > (2) In VM, open several Terminal and do *Ping IP -i 0.1*
> > (3) Migrate the VM repeatedly between two Hosts
> > And the *PING* command in VM will very likely fail with message:
> > 'Destination HOST Unreachable', the NIC in VM will stay unavailable unless you
> > run 'service network restart'
> > 
> > Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
> 
> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>

Please add:
Cc: qemu-stable@nongnu.org

when applying this.

Thanks!


> > ---
> >  v4:
> > - The action of flush queued packets is unnecessary, remove this.
> >   (Thanks for the help of Jason Wang and Stefan). 
> > 
> >  v3:
> > - change the 'vmstate' to 'vm_running'
> > 
> >  v2:
> > - remove the superfluous check of nc->received_disabled 
> > ---
> > 
> >  net/net.c | 7 +++++++
> >  1 file changed, 7 insertions(+)
> > 
> > diff --git a/net/net.c b/net/net.c
> > index 6d930ea..4cb92c0 100644
> > --- a/net/net.c
> > +++ b/net/net.c
> > @@ -41,6 +41,7 @@
> >  #include "qapi-visit.h"
> >  #include "qapi/opts-visitor.h"
> >  #include "qapi/dealloc-visitor.h"
> > +#include "sysemu/sysemu.h"
> >  
> >  /* Net bridge is currently not supported for W32. */
> >  #if !defined(_WIN32)
> > @@ -452,6 +453,12 @@ void qemu_set_vnet_hdr_len(NetClientState *nc, int len)
> >  
> >  int qemu_can_send_packet(NetClientState *sender)
> >  {
> > +    int vm_running = runstate_is_running();
> > +
> > +    if (!vm_running) {
> > +        return 0;
> > +    }
> > +
> >      if (!sender->peer) {
> >          return 1;
> >      }
> > -- 
> > 1.7.12.4
> >

On 2014/8/27 19:59, Michael S. Tsirkin wrote:
> On Wed, Aug 27, 2014 at 01:53:21PM +0200, Michael S. Tsirkin wrote:
>> On Tue, Aug 26, 2014 at 04:06:17PM +0800, zhanghailiang wrote:
>>> For all NICs(except virtio-net) emulated by qemu,
>>> Such as e1000, rtl8139, pcnet and ne2k_pci,
>>> Qemu can still receive packets when VM is not running.
>>>
>>> If this happened in *migration's* last PAUSE VM stage, but
>>> before the end of the migration, the new receiving packets will possibly dirty
>>> parts of RAM which has been cached in *iovec*(will be sent asynchronously) and
>>> dirty parts of new RAM which will be missed.
>>> This will lead serious network fault in VM.
>>>
>>> To avoid this, we forbid receiving packets in generic net code when
>>> VM is not running.
>>>
>>> Bug reproduction steps:
>>> (1) Start a VM which configured at least one NIC
>>> (2) In VM, open several Terminal and do *Ping IP -i 0.1*
>>> (3) Migrate the VM repeatedly between two Hosts
>>> And the *PING* command in VM will very likely fail with message:
>>> 'Destination HOST Unreachable', the NIC in VM will stay unavailable unless you
>>> run 'service network restart'
>>>
>>> Signed-off-by: zhanghailiang<zhang.zhanghailiang@huawei.com>
>>
>> Reviewed-by: Michael S. Tsirkin<mst@redhat.com>
>
> Please add:
> Cc: qemu-stable@nongnu.org
>
> when applying this.
>
> Thanks!
>

OK! Thanks.

>
>>> ---
>>>   v4:
>>> - The action of flush queued packets is unnecessary, remove this.
>>>    (Thanks for the help of Jason Wang and Stefan).
>>>
>>>   v3:
>>> - change the 'vmstate' to 'vm_running'
>>>
>>>   v2:
>>> - remove the superfluous check of nc->received_disabled
>>> ---
>>>
>>>   net/net.c | 7 +++++++
>>>   1 file changed, 7 insertions(+)
>>>
>>> diff --git a/net/net.c b/net/net.c
>>> index 6d930ea..4cb92c0 100644
>>> --- a/net/net.c
>>> +++ b/net/net.c
>>> @@ -41,6 +41,7 @@
>>>   #include "qapi-visit.h"
>>>   #include "qapi/opts-visitor.h"
>>>   #include "qapi/dealloc-visitor.h"
>>> +#include "sysemu/sysemu.h"
>>>
>>>   /* Net bridge is currently not supported for W32. */
>>>   #if !defined(_WIN32)
>>> @@ -452,6 +453,12 @@ void qemu_set_vnet_hdr_len(NetClientState *nc, int len)
>>>
>>>   int qemu_can_send_packet(NetClientState *sender)
>>>   {
>>> +    int vm_running = runstate_is_running();
>>> +
>>> +    if (!vm_running) {
>>> +        return 0;
>>> +    }
>>> +
>>>       if (!sender->peer) {
>>>           return 1;
>>>       }
>>> --
>>> 1.7.12.4
>>>
>
> .
>

On Tue, Aug 26, 2014 at 04:06:17PM +0800, zhanghailiang wrote:
> For all NICs(except virtio-net) emulated by qemu,
> Such as e1000, rtl8139, pcnet and ne2k_pci,
> Qemu can still receive packets when VM is not running.
> 
> If this happened in *migration's* last PAUSE VM stage, but
> before the end of the migration, the new receiving packets will possibly dirty
> parts of RAM which has been cached in *iovec*(will be sent asynchronously) and
> dirty parts of new RAM which will be missed.
> This will lead serious network fault in VM.
> 
> To avoid this, we forbid receiving packets in generic net code when
> VM is not running.
> 
> Bug reproduction steps:
> (1) Start a VM which configured at least one NIC
> (2) In VM, open several Terminal and do *Ping IP -i 0.1*
> (3) Migrate the VM repeatedly between two Hosts
> And the *PING* command in VM will very likely fail with message:
> 'Destination HOST Unreachable', the NIC in VM will stay unavailable unless you
> run 'service network restart'
> 
> Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
> ---
>  v4:
> - The action of flush queued packets is unnecessary, remove this.
>   (Thanks for the help of Jason Wang and Stefan). 
> 
>  v3:
> - change the 'vmstate' to 'vm_running'
> 
>  v2:
> - remove the superfluous check of nc->received_disabled 
> ---
> 
>  net/net.c | 7 +++++++
>  1 file changed, 7 insertions(+)

Thanks, applied to my net tree:
https://github.com/stefanha/qemu/commits/net

Stefan

On Mon, Sep 01, 2014 at 07:40:18PM +0100, Stefan Hajnoczi wrote:
> On Tue, Aug 26, 2014 at 04:06:17PM +0800, zhanghailiang wrote:
> > For all NICs(except virtio-net) emulated by qemu,
> > Such as e1000, rtl8139, pcnet and ne2k_pci,
> > Qemu can still receive packets when VM is not running.
> > 
> > If this happened in *migration's* last PAUSE VM stage, but
> > before the end of the migration, the new receiving packets will possibly dirty
> > parts of RAM which has been cached in *iovec*(will be sent asynchronously) and
> > dirty parts of new RAM which will be missed.
> > This will lead serious network fault in VM.
> > 
> > To avoid this, we forbid receiving packets in generic net code when
> > VM is not running.
> > 
> > Bug reproduction steps:
> > (1) Start a VM which configured at least one NIC
> > (2) In VM, open several Terminal and do *Ping IP -i 0.1*
> > (3) Migrate the VM repeatedly between two Hosts
> > And the *PING* command in VM will very likely fail with message:
> > 'Destination HOST Unreachable', the NIC in VM will stay unavailable unless you
> > run 'service network restart'
> > 
> > Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
> > ---
> >  v4:
> > - The action of flush queued packets is unnecessary, remove this.
> >   (Thanks for the help of Jason Wang and Stefan). 
> > 
> >  v3:
> > - change the 'vmstate' to 'vm_running'
> > 
> >  v2:
> > - remove the superfluous check of nc->received_disabled 
> > ---
> > 
> >  net/net.c | 7 +++++++
> >  1 file changed, 7 insertions(+)
> 
> Thanks, applied to my net tree:
> https://github.com/stefanha/qemu/commits/net
> 
> Stefan


Also please
Cc: qemu-stable@nongnu.org