git.ipfire.org Git - thirdparty/qemu.git/commit

author	Greg Kurz <groug@kaod.org>
	Tue, 20 Mar 2018 10:44:56 +0000 (11:44 +0100)
committer	Michael Roth <mdroth@linux.vnet.ibm.com>
	Thu, 21 Jun 2018 01:45:00 +0000 (20:45 -0500)
commit	db9c0d907e0121321e51c762bdc9e6b75ff57618
tree	ff5a8c3dc95af7d9e5588ec6b22af40c1704df68	tree
parent	a053477b7c6e5094247986de3aa2f0aa139cbb42	commit \| diff

virtio_net: flush uncompleted TX on reset

If the backend could not transmit a packet right away for some reason,
the packet is queued for asynchronous sending. The corresponding vq
element is tracked in the async_tx.elem field of the VirtIONetQueue,
for later freeing when the transmission is complete.

If a reset happens before completion, virtio_net_tx_complete() will push
async_tx.elem back to the guest anyway, and we end up with the inuse flag
of the vq being equal to -1. The next call to virtqueue_pop() is then
likely to fail with "Virtqueue size exceeded".

This can be reproduced easily by starting a guest with an hubport backend
that is not connected to a functional network, eg,

-device virtio-net-pci,netdev=hub0 -netdev hubport,id=hub0,hubid=0

and no other -netdev hubport,hubid=0 on the command line.

The appropriate fix is to ensure that such an asynchronous transmission
cannot survive a device reset. So for all queues, we first try to send
the packet again, and eventually we purge it if the backend still could
not deliver it.

CC: qemu-stable@nongnu.org
Reported-by: R. Nageswara Sastry <nasastry@in.ibm.com>
Buglink: https://github.com/open-power-host-os/qemu/issues/37
Signed-off-by: Greg Kurz <groug@kaod.org>
Tested-by: R. Nageswara Sastry <nasastry@in.ibm.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 94b52958b77a2a040564cf7ed716d3a9545d94e5)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

hw/net/virtio-net.c		diff \| blob \| blame \| history
include/net/net.h		diff \| blob \| blame \| history
net/net.c		diff \| blob \| blame \| history