Use the control virtqueue to allow the guest to allocate and set a MAC filter table. A new MAC_TABLE class with commands ALLOC and SET are defined and documented in virtio-net.h for manipulating the table. We limit the size of the filter table to the host page size. This is likely bigger than makes sense for a filter table and prevents a malicious guest from abusing the interface. The fitler table is a simple fixed sized array defined by the ALLOC command. We do this to avoid locking issues with receiving packets while updates to the table are being made. The table is freed at device reset as a way to allow "offline" resize, and resizing between instances of the guest driver loading. It's the guest's responsibility to allocate the table before trying to use it. Signed-off-by: Alex Williamson <alex.williamson@xxxxxx> --- Updated to reflect change in receive_filter() looking past vnet_hdr. qemu/hw/virtio-net.c | 95 +++++++++++++++++++++++++++++++++++++++++++++++++- qemu/hw/virtio-net.h | 20 +++++++++++ 2 files changed, 114 insertions(+), 1 deletions(-) diff --git a/qemu/hw/virtio-net.c b/qemu/hw/virtio-net.c index 18877b4..528171e 100644 --- a/qemu/hw/virtio-net.c +++ b/qemu/hw/virtio-net.c @@ -21,7 +21,7 @@ #define TAP_VNET_HDR -#define VIRTIO_NET_VM_VERSION 4 +#define VIRTIO_NET_VM_VERSION 5 #define ETH_ALEN 6 @@ -39,6 +39,11 @@ typedef struct VirtIONet int mergeable_rx_bufs; int promisc; int allmulti; + struct { + int entries; + int in_use; + uint8_t *macs; + } mac_table; } VirtIONet; /* TODO @@ -87,6 +92,17 @@ static void virtio_net_set_link_status(VLANClientState *vc) virtio_notify_config(&n->vdev); } +static void virtio_net_reset(VirtIODevice *vdev) +{ + VirtIONet *n = to_virtio_net(vdev); + + /* Allow the MAC filter table to be re-allocated after a device reset */ + n->mac_table.in_use = 0; + n->mac_table.entries = 0; + qemu_free(n->mac_table.macs); + n->mac_table.macs = NULL; +} + static uint32_t virtio_net_get_features(VirtIODevice *vdev) { uint32_t features = (1 << VIRTIO_NET_F_MAC) | (1 << VIRTIO_NET_F_STATUS); @@ -155,6 +171,58 @@ static int virtio_net_handle_rx_mode(VirtIONet *n, uint8_t cmd, return VIRTIO_NET_OK; } +static int virtio_net_handle_mac_table(VirtIONet *n, uint8_t cmd, + VirtQueueElement *elem) +{ + if (cmd == VIRTIO_NET_CTRL_MAC_TABLE_ALLOC) { + uint32_t *entries; + unsigned int size; + + if (n->mac_table.entries || elem->out_num != 2 || + elem->out_sg[1].iov_len != sizeof(*entries)) + return VIRTIO_NET_ERR; + + entries = elem->out_sg[1].iov_base; + size = *entries * ETH_ALEN; + + /* + * Limit the MAC filter table to a single page to protect from + * malicious guests. Probably bigger than makes sense anyway. + */ + if (size > getpagesize()) + return VIRTIO_NET_ERR; + + n->mac_table.macs = qemu_mallocz(size); + if (!n->mac_table.macs) + return VIRTIO_NET_ERR; + + n->mac_table.entries = *entries; + return VIRTIO_NET_OK; + + } else if (cmd == VIRTIO_NET_CTRL_MAC_TABLE_SET) { + int entries = 0; + + if (!n->mac_table.entries || elem->out_num > 2) + return VIRTIO_NET_ERR; + + if (elem->out_num == 2) + entries = elem->out_sg[1].iov_len / ETH_ALEN; + + if (entries > n->mac_table.entries) + return VIRTIO_NET_ERR; + + n->mac_table.in_use = 0; + if (entries) { + memcpy(n->mac_table.macs, elem->out_sg[1].iov_base, + elem->out_sg[1].iov_len); + n->mac_table.in_use = entries; + } + return VIRTIO_NET_OK; + } + + return VIRTIO_NET_ERR; +} + static void virtio_net_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq) { VirtIONet *n = to_virtio_net(vdev); @@ -180,6 +248,8 @@ static void virtio_net_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq) if (ctrl->class == VIRTIO_NET_CTRL_RX_MODE) *status = virtio_net_handle_rx_mode(n, ctrl->cmd, &elem); + else if (ctrl->class == VIRTIO_NET_CTRL_MAC_TABLE) + *status = virtio_net_handle_mac_table(n, ctrl->cmd, &elem); virtqueue_push(vq, &elem, sizeof(*status)); virtio_notify(vdev, vq); @@ -297,6 +367,7 @@ static int receive_filter(VirtIONet *n, const uint8_t *buf, int size) { static uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; uint8_t *ptr = (uint8_t *)buf; + int i; #ifdef TAP_VNET_HDR if (tap_has_vnet_hdr(n->vc->vlan->first_client)) @@ -315,6 +386,11 @@ static int receive_filter(VirtIONet *n, const uint8_t *buf, int size) if (!memcmp(ptr, n->mac, ETH_ALEN)) return 1; + for (i = 0; i < n->mac_table.in_use; i++) { + if (!memcmp(ptr, &n->mac_table.macs[i * ETH_ALEN], ETH_ALEN)) + return 1; + } + return 0; } @@ -493,6 +569,10 @@ static void virtio_net_save(QEMUFile *f, void *opaque) qemu_put_be16(f, n->status); qemu_put_be32(f, n->promisc); qemu_put_be32(f, n->allmulti); + qemu_put_be32(f, n->mac_table.entries); + qemu_put_be32(f, n->mac_table.in_use); + if (n->mac_table.entries) + qemu_put_buffer(f, n->mac_table.macs, n->mac_table.entries * ETH_ALEN); } static int virtio_net_load(QEMUFile *f, void *opaque, int version_id) @@ -522,6 +602,18 @@ static int virtio_net_load(QEMUFile *f, void *opaque, int version_id) n->allmulti = qemu_get_be32(f); } + if (version_id >= 5) { + n->mac_table.entries = qemu_get_be32(f); + n->mac_table.in_use = qemu_get_be32(f); + if (n->mac_table.entries) { + n->mac_table.macs = qemu_mallocz(n->mac_table.entries * ETH_ALEN); + if (!n->mac_table.macs) + return -ENOMEM; + qemu_get_buffer(f, n->mac_table.macs, + n->mac_table.entries * ETH_ALEN); + } + } + if (n->tx_timer_active) { qemu_mod_timer(n->tx_timer, qemu_get_clock(vm_clock) + TX_TIMER_INTERVAL); @@ -547,6 +639,7 @@ PCIDevice *virtio_net_init(PCIBus *bus, NICInfo *nd, int devfn) n->vdev.set_config = virtio_net_set_config; n->vdev.get_features = virtio_net_get_features; n->vdev.set_features = virtio_net_set_features; + n->vdev.reset = virtio_net_reset; n->rx_vq = virtio_add_queue(&n->vdev, 256, virtio_net_handle_rx); n->tx_vq = virtio_add_queue(&n->vdev, 256, virtio_net_handle_tx); n->ctrl_vq = virtio_add_queue(&n->vdev, 16, virtio_net_handle_ctrl); diff --git a/qemu/hw/virtio-net.h b/qemu/hw/virtio-net.h index a4c4005..6faf497 100644 --- a/qemu/hw/virtio-net.h +++ b/qemu/hw/virtio-net.h @@ -108,4 +108,24 @@ typedef uint8_t virtio_net_ctrl_ack; #define VIRTIO_NET_CTRL_RX_MODE_PROMISC 0 #define VIRTIO_NET_CTRL_RX_MODE_ALLMULTI 1 +/* + * Control the MAC filter table. + * + * The ALLOC command requires a 4 byte sg entry indicating the size of + * the MAC filter table to be allocated in number of entries + * (ie. bytes = entries * ETH_ALEN). The MAC filter table may only be + * allocated once after a device reset. A device reset frees the MAC + * filter table, allowing a new ALLOC. The current implementation limits + * the size to a single host page. + * + * The SET command requires an out sg entry containing a buffer of the + * entire MAC filter table. The format is a simple byte stream + * concatenating all of the ETH_ALEN MAC adresses to be inserted into + * the table. Partial updates are not available. The SET command can + * only succeed if there is a table allocated. + */ +#define VIRTIO_NET_CTRL_MAC_TABLE 1 + #define VIRTIO_NET_CTRL_MAC_TABLE_ALLOC 0 + #define VIRTIO_NET_CTRL_MAC_TABLE_SET 1 + #endif -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html