From patchwork Thu Oct 29 12:00:58 2009
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Scott Tsai <scottt.tw@gmail.com>
X-Patchwork-Id: 56457
Received: from vger.kernel.org (vger.kernel.org [209.132.176.167])
	by demeter.kernel.org (8.14.2/8.14.2) with ESMTP id n9TC17TU029730
	for <patchwork-kvm@patchwork.kernel.org>;
	Thu, 29 Oct 2009 12:01:07 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751699AbZJ2MA7 (ORCPT
	<rfc822;patchwork-kvm@patchwork.kernel.org>);
	Thu, 29 Oct 2009 08:00:59 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1752571AbZJ2MA7
	(ORCPT <rfc822;kvm-outgoing>); Thu, 29 Oct 2009 08:00:59 -0400
Received: from mail-yx0-f187.google.com ([209.85.210.187]:33155 "EHLO
	mail-yx0-f187.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751573AbZJ2MA6 (ORCPT <rfc822; kvm@vger.kernel.org>);
	Thu, 29 Oct 2009 08:00:58 -0400
Received: by yxe17 with SMTP id 17so1563989yxe.33
	for <kvm@vger.kernel.org>; Thu, 29 Oct 2009 05:01:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:content-type:cc:subject:from
	:to:in-reply-to:references:date:message-id:user-agent
	:content-transfer-encoding;
	bh=m0Bo6KJlzsaj/LMnWXe4vPgrqEuZuPWeOixoBzY0Nnk=;
	b=hB0t66AcKT0qvGh/f4/YBcbWPFMSo3p8E9Wef7xWh8qMEJv5vxI+qZEN4AMQq4KWIm
	87kH832N0xDTlGl8BbqSdYljxsjI0tQ5Mp0P1zRWowyqSpdXYTqZBd+6WHRyL9JVyNis
	9LO/kelIvbz796BQYM4bR84+z4oRgtr7cV29Y=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=content-type:cc:subject:from:to:in-reply-to:references:date
	:message-id:user-agent:content-transfer-encoding;
	b=Tcbzz5DcIhmSgmCV1iC6bAqyW/1B4kpaHqhVUe4yLM03YUoiW0pquJbvW+hAtJ8Rx3
	kIEk3L8Wi88QE0dgKCbzmPwI/+zse7iaQRGfqvh8YP90dEbGbn8A/cuAT9PpH3GB0RcU
	ANkzMsytKEdiCkJFb2n3KfXjAt1MHjp2ZS1i4=
Received: by 10.91.141.6 with SMTP id t6mr235835agn.49.1256817658442;
	Thu, 29 Oct 2009 05:00:58 -0700 (PDT)
Received: from localhost (220-136-176-197.dynamic.hinet.net
	[220.136.176.197])
	by mx.google.com with ESMTPS id 39sm859630yxd.63.2009.10.29.05.00.55
	(version=TLSv1/SSLv3 cipher=RC4-MD5);
	Thu, 29 Oct 2009 05:00:56 -0700 (PDT)
Cc: Dustin Kirkland <kirkland@canonical.com>,
	qemu-devel <qemu-devel@nongnu.org>, kvm <kvm@vger.kernel.org>,
	Anthony Liguori <anthony@codemonkey.ws>
Subject: Re: [Qemu-devel] qemu-kvm-0.11 regression,
	crashes on older guests with virtio network
From: Scott Tsai <scottt.tw@gmail.com>
To: Mark McLoughlin <markmc@redhat.com>
In-reply-to: <1256807803.10825.39.camel@blaa>
References: <d9c105ea0910281222u76a61a2by3cc924e85d40a865@mail.gmail.com>
	<1256807803.10825.39.camel@blaa>
Date: Thu, 29 Oct 2009 20:00:58 +0800
Message-Id: <1256815818-sup-7805@xpc65.scottt>
User-Agent: Sup/0.9
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org


diff --git a/hw/virtio-net.c b/hw/virtio-net.c
index ce8e6cb..2e6725b 100644
--- a/hw/virtio-net.c
+++ b/hw/virtio-net.c
@@ -502,6 +502,8 @@ static int receive_filter(VirtIONet *n, const uint8_t *buf, int size)
     return 0;
 }
 
+int buffer_fits_in_virtqueue_top(VirtQueue *vq, int size);
+
 static ssize_t virtio_net_receive2(VLANClientState *vc, const uint8_t *buf, size_t size, int raw)
 {
     VirtIONet *n = vc->opaque;
@@ -518,6 +520,10 @@ static ssize_t virtio_net_receive2(VLANClientState *vc, const uint8_t *buf, size
     hdr_len = n->mergeable_rx_bufs ?
         sizeof(struct virtio_net_hdr_mrg_rxbuf) : sizeof(struct virtio_net_hdr);
 
+    /* drop packet instead of truncating it */
+    if (!n->mergeable_rx_bufs && !buffer_fits_in_virtqueue_top(n->rx_vq, hdr_len + size))
+        return;
+
     offset = i = 0;
 
     while (offset < size) {
@@ -531,7 +537,7 @@ static ssize_t virtio_net_receive2(VLANClientState *vc, const uint8_t *buf, size
             virtqueue_pop(n->rx_vq, &elem) == 0) {
             if (i == 0)
                 return -1;
-            fprintf(stderr, "virtio-net truncating packet\n");
+            fprintf(stderr, "virtio-net truncating packet: mergable_rx_bufs: %d\n", n->mergeable_rx_bufs);
             exit(1);
         }
 
diff --git a/hw/virtio.c b/hw/virtio.c
index 41e7ca2..d9e0353 100644
--- a/hw/virtio.c
+++ b/hw/virtio.c
@@ -356,6 +356,39 @@ int virtqueue_avail_bytes(VirtQueue *vq, int in_bytes, int out_bytes)
     return 0;
 }
 
+/* buffer_fits_in_virtqueue_top: returns true if a 'size' byte buffer could fit in the
+ * input descriptors that virtqueue_pop() would have returned
+ */
+int buffer_fits_in_virtqueue_top(VirtQueue *vq, int size);
+
+int buffer_fits_in_virtqueue_top(VirtQueue *vq, int size)
+{
+    unsigned int i, max;
+    int input_iov_len_sum;
+    target_phys_addr_t desc_pa;
+
+    if (!virtqueue_num_heads(vq, vq->last_avail_idx))
+        return 0;
+
+    desc_pa = vq->vring.desc;
+    max = vq->vring.num;
+    i = virtqueue_get_head(vq, vq->last_avail_idx);
+
+    if (vring_desc_flags(desc_pa, i) & VRING_DESC_F_INDIRECT) {
+        /* loop over the indirect descriptor table */
+        max = vring_desc_len(desc_pa, i) / sizeof(VRingDesc);
+        desc_pa = vring_desc_addr(desc_pa, i);
+        i = 0;
+    }
+
+    input_iov_len_sum = 0;
+    do {
+        if (vring_desc_flags(desc_pa, i) & VRING_DESC_F_WRITE)
+            input_iov_len_sum += vring_desc_len(desc_pa, i);
+    } while ((i = virtqueue_next_desc(desc_pa, i, max)) != vq->vring.num);
+    return input_iov_len_sum >= size;
+}
+
 int virtqueue_pop(VirtQueue *vq, VirtQueueElement *elem)
 {
     unsigned int i, head, max;