e29919c93d
e.g.
1109 15:16:20.151506 Uninitialized bytes in ioctl_common_pre at offset 0 inside [0x7ffc516af9b8, 4)
1109 15:16:20.151659 ==588974==WARNING: MemorySanitizer: use-of-uninitialized-value
1109 15:16:20.312923 #0 0x5639b88acb21 in tap_probe_vnet_hdr_len third_party/qemu/net/tap-linux.c:183:9
1109 15:16:20.312952 #1 0x5639b88afd66 in net_tap_fd_init third_party/qemu/net/tap.c:409:9
1109 15:16:20.312954 #2 0x5639b88b2d1b in net_init_tap_one third_party/qemu/net/tap.c:681:19
1109 15:16:20.312956 #3 0x5639b88b16a8 in net_init_tap third_party/qemu/net/tap.c:912:13
1109 15:16:20.312957 #4 0x5639b8890175 in net_client_init1 third_party/qemu/net/net.c:1110:9
1109 15:16:20.312958 #5 0x5639b888f912 in net_client_init third_party/qemu/net/net.c:1208:15
1109 15:16:20.312960 #6 0x5639b8894aa5 in net_param_nic third_party/qemu/net/net.c:1588:11
1109 15:16:20.312961 #7 0x5639b900cd18 in qemu_opts_foreach third_party/qemu/util/qemu-option.c:1135:14
1109 15:16:20.312962 #8 0x5639b889393c in net_init_clients third_party/qemu/net/net.c:1612:9
1109 15:16:20.312964 #9 0x5639b717aaf3 in qemu_create_late_backends third_party/qemu/softmmu/vl.c:1962:5
1109 15:16:20.312965 #10 0x5639b717aaf3 in qemu_init third_party/qemu/softmmu/vl.c:3694:5
1109 15:16:20.312967 #11 0x5639b71083b8 in main third_party/qemu/softmmu/main.c:49:5
1109 15:16:20.312968 #12 0x7f464de1d8d2 in __libc_start_main (/usr/grte/v5/lib64/libc.so.6+0x628d2)
1109 15:16:20.312969 #13 0x5639b6bbd389 in _start /usr/grte/v5/debug-src/src/csu/../sysdeps/x86_64/start.S:120
1109 15:16:20.312970
1109 15:16:20.312975 Uninitialized value was stored to memory at
1109 15:16:20.313393 #0 0x5639b88acbee in tap_probe_vnet_hdr_len third_party/qemu/net/tap-linux.c
1109 15:16:20.313396 #1 0x5639b88afd66 in net_tap_fd_init third_party/qemu/net/tap.c:409:9
1109 15:16:20.313398 #2 0x5639b88b2d1b in net_init_tap_one third_party/qemu/net/tap.c:681:19
1109 15:16:20.313399 #3 0x5639b88b16a8 in net_init_tap third_party/qemu/net/tap.c:912:13
1109 15:16:20.313400 #4 0x5639b8890175 in net_client_init1 third_party/qemu/net/net.c:1110:9
1109 15:16:20.313401 #5 0x5639b888f912 in net_client_init third_party/qemu/net/net.c:1208:15
1109 15:16:20.313403 #6 0x5639b8894aa5 in net_param_nic third_party/qemu/net/net.c:1588:11
1109 15:16:20.313404 #7 0x5639b900cd18 in qemu_opts_foreach third_party/qemu/util/qemu-option.c:1135:14
1109 15:16:20.313405 #8 0x5639b889393c in net_init_clients third_party/qemu/net/net.c:1612:9
1109 15:16:20.313407 #9 0x5639b717aaf3 in qemu_create_late_backends third_party/qemu/softmmu/vl.c:1962:5
1109 15:16:20.313408 #10 0x5639b717aaf3 in qemu_init third_party/qemu/softmmu/vl.c:3694:5
1109 15:16:20.313409 #11 0x5639b71083b8 in main third_party/qemu/softmmu/main.c:49:5
1109 15:16:20.313410 #12 0x7f464de1d8d2 in __libc_start_main (/usr/grte/v5/lib64/libc.so.6+0x628d2)
1109 15:16:20.313412 #13 0x5639b6bbd389 in _start /usr/grte/v5/debug-src/src/csu/../sysdeps/x86_64/start.S:120
1109 15:16:20.313413
1109 15:16:20.313417 Uninitialized value was stored to memory at
1109 15:16:20.313791 #0 0x5639b88affbd in net_tap_fd_init third_party/qemu/net/tap.c:400:26
1109 15:16:20.313826 #1 0x5639b88b2d1b in net_init_tap_one third_party/qemu/net/tap.c:681:19
1109 15:16:20.313829 #2 0x5639b88b16a8 in net_init_tap third_party/qemu/net/tap.c:912:13
1109 15:16:20.313831 #3 0x5639b8890175 in net_client_init1 third_party/qemu/net/net.c:1110:9
1109 15:16:20.313836 #4 0x5639b888f912 in net_client_init third_party/qemu/net/net.c:1208:15
1109 15:16:20.313838 #5 0x5639b8894aa5 in net_param_nic third_party/qemu/net/net.c:1588:11
1109 15:16:20.313839 #6 0x5639b900cd18 in qemu_opts_foreach third_party/qemu/util/qemu-option.c:1135:14
1109 15:16:20.313841 #7 0x5639b889393c in net_init_clients third_party/qemu/net/net.c:1612:9
1109 15:16:20.313843 #8 0x5639b717aaf3 in qemu_create_late_backends third_party/qemu/softmmu/vl.c:1962:5
1109 15:16:20.313844 #9 0x5639b717aaf3 in qemu_init third_party/qemu/softmmu/vl.c:3694:5
1109 15:16:20.313845 #10 0x5639b71083b8 in main third_party/qemu/softmmu/main.c:49:5
1109 15:16:20.313846 #11 0x7f464de1d8d2 in __libc_start_main (/usr/grte/v5/lib64/libc.so.6+0x628d2)
1109 15:16:20.313847 #12 0x5639b6bbd389 in _start /usr/grte/v5/debug-src/src/csu/../sysdeps/x86_64/start.S:120
1109 15:16:20.313849
1109 15:16:20.313851 Uninitialized value was created by an allocation of 'ifr' in the stack frame of function 'tap_probe_vnet_hdr'
1109 15:16:20.313855 #0 0x5639b88ac680 in tap_probe_vnet_hdr third_party/qemu/net/tap-linux.c:151
1109 15:16:20.313856
1109 15:16:20.313878 SUMMARY: MemorySanitizer: use-of-uninitialized-value third_party/qemu/net/tap-linux.c:183:9 in tap_probe_vnet_hdr_len
Fixes: dc69004c7d
("net: move tap_probe_vnet_hdr() to tap-linux.c")
Reviewed-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Patrick Venture <venture@google.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Peter Foley <pefoley@google.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
/*
 * QEMU System Emulator
 *
 * Copyright (c) 2003-2008 Fabrice Bellard
 * Copyright (c) 2009 Red Hat, Inc.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */
#include "qemu/osdep.h"
#include "qemu-common.h"
#include "tap_int.h"
#include "tap-linux.h"
#include "net/tap.h"
#include <net/if.h>
#include <sys/ioctl.h>
#include "qapi/error.h"
#include "qemu/error-report.h"
#include "qemu/cutils.h"
#define PATH_NET_TUN "/dev/net/tun"
/*
 * Open the TUN/TAP control device and bind the descriptor to a tap
 * interface.
 *
 * @ifname: in/out.  A non-empty string names the interface to attach to;
 *          an empty string passes the "tap%d" template to TUNSETIFF
 *          instead.  On success the name held in the request after
 *          TUNSETIFF is copied back, bounded by @ifname_size.
 * @ifname_size: size in bytes of the buffer behind @ifname.
 * @vnet_hdr: in/out.  Non-zero on entry asks for IFF_VNET_HDR; the value
 *            is then rewritten to 1 or 0 according to the feature mask
 *            returned by TUNGETFEATURES.
 * @vnet_hdr_required: fail rather than continue without IFF_VNET_HDR.
 * @mq_required: fail unless TUNGETFEATURES reports IFF_MULTI_QUEUE.
 * @errp: receives the error on every failure path.
 *
 * Returns the open descriptor, or -1 on failure.  The descriptor is closed
 * on every failure that happens after the open succeeded.  O_NONBLOCK is
 * requested before returning, but the fcntl() result is not checked.
 */
int tap_open(char *ifname, int ifname_size, int *vnet_hdr,
             int vnet_hdr_required, int mq_required, Error **errp)
{
    struct ifreq req;
    unsigned int kernel_caps;
    int hdr_len = sizeof(struct virtio_net_hdr);
    int named;
    int fd;

    TFR(fd = open(PATH_NET_TUN, O_RDWR));
    if (fd < 0) {
        error_setg_errno(errp, errno, "could not open %s", PATH_NET_TUN);
        return -1;
    }

    /* Start from an all-zero request so only chosen fields reach the kernel. */
    memset(&req, 0, sizeof(req));
    req.ifr_flags = IFF_TAP | IFF_NO_PI;

    /* A failed feature query is downgraded to "no optional features". */
    if (ioctl(fd, TUNGETFEATURES, &kernel_caps) == -1) {
        warn_report("TUNGETFEATURES failed: %s", strerror(errno));
        kernel_caps = 0;
    }

    if (kernel_caps & IFF_ONE_QUEUE) {
        req.ifr_flags |= IFF_ONE_QUEUE;
    }

    if (*vnet_hdr) {
        *vnet_hdr = (kernel_caps & IFF_VNET_HDR) ? 1 : 0;
        if (*vnet_hdr) {
            req.ifr_flags |= IFF_VNET_HDR;
        } else if (vnet_hdr_required) {
            error_setg(errp, "vnet_hdr=1 requested, but no kernel "
                       "support for IFF_VNET_HDR available");
            goto fail;
        }
        /*
         * Make sure vnet header size has the default value: for a persistent
         * tap it might have been modified e.g. by another instance of qemu.
         * Ignore errors since old kernels do not support this ioctl: in this
         * case the header size implicitly has the correct value.
         */
        ioctl(fd, TUNSETVNETHDRSZ, &hdr_len);
    }

    if (mq_required) {
        if (!(kernel_caps & IFF_MULTI_QUEUE)) {
            error_setg(errp, "multiqueue required, but no kernel "
                       "support for IFF_MULTI_QUEUE available");
            goto fail;
        }
        req.ifr_flags |= IFF_MULTI_QUEUE;
    }

    /* The caller's buffer is not written until TUNSETIFF has succeeded. */
    named = ifname[0] != '\0';
    pstrcpy(req.ifr_name, IFNAMSIZ, named ? ifname : "tap%d");

    if (ioctl(fd, TUNSETIFF, (void *) &req) != 0) {
        if (named) {
            error_setg_errno(errp, errno, "could not configure %s (%s)",
                             PATH_NET_TUN, req.ifr_name);
        } else {
            error_setg_errno(errp, errno, "could not configure %s",
                             PATH_NET_TUN);
        }
        goto fail;
    }

    pstrcpy(ifname, ifname_size, req.ifr_name);
    fcntl(fd, F_SETFL, O_NONBLOCK);
    return fd;

fail:
    close(fd);
    return -1;
}
/* sndbuf implements a kind of flow control for tap.
 * Unfortunately when it's enabled, and packets are sent
 * to other guests on the same host, the receiver
 * can lock up the transmitter indefinitely.
 *
 * To avoid packet loss, sndbuf should be set to a value lower than the tx
 * queue capacity of any destination network interface.
 * Ethernet NICs generally have txqueuelen=1000, so 1Mb is
 * a good value, given a 1500 byte MTU.
 */
#define TAP_DEFAULT_SNDBUF 0
/*
 * Apply the send-buffer limit to a tap descriptor with TUNSETSNDBUF.
 *
 * @fd: tap descriptor.
 * @tap: netdev options; sndbuf is honoured only when has_sndbuf is set,
 *       otherwise TAP_DEFAULT_SNDBUF is used.
 * @errp: set only when the ioctl fails and the user gave sndbuf explicitly.
 *
 * Values above INT_MAX are clamped to INT_MAX, and a resulting value of 0
 * (including the default) is replaced by INT_MAX before the ioctl.
 * A failure while applying the implicit default is silently ignored.
 */
void tap_set_sndbuf(int fd, const NetdevTapOptions *tap, Error **errp)
{
    int limit = TAP_DEFAULT_SNDBUF;

    if (tap->has_sndbuf) {
        /* Clamp before narrowing to int, which is what the ioctl takes. */
        limit = tap->sndbuf > INT_MAX ? INT_MAX : tap->sndbuf;
    }

    if (limit == 0) {
        limit = INT_MAX;
    }

    if (ioctl(fd, TUNSETSNDBUF, &limit) == -1 && tap->has_sndbuf) {
        error_setg_errno(errp, errno, "TUNSETSNDBUF ioctl failed");
    }
}
/*
 * Query whether a tap descriptor was configured with IFF_VNET_HDR.
 *
 * @fd: tap descriptor.
 * @errp: receives the error when TUNGETIFF fails.
 *
 * Returns -1 on failure.  On success the result is ifr_flags masked with
 * IFF_VNET_HDR, so "enabled" is the flag bit itself rather than 1; callers
 * must not compare the result against 1.
 */
int tap_probe_vnet_hdr(int fd, Error **errp)
{
    struct ifreq req;

    /*
     * Zero the request before the ioctl so that the flags read below, and
     * anything callers derive from them, never depend on stack contents.
     */
    memset(&req, 0, sizeof(req));

    if (ioctl(fd, TUNGETIFF, &req) == 0) {
        return req.ifr_flags & IFF_VNET_HDR;
    }

    /* TUNGETIFF is available since kernel v2.6.27 */
    error_setg_errno(errp, errno,
                     "Unable to query TUNGETIFF on FD %d", fd);
    return -1;
}
/*
 * Report whether TUNSETOFFLOAD accepts TUN_F_CSUM | TUN_F_UFO on @fd.
 *
 * Returns 1 when the ioctl succeeds and 0 when it fails for any reason
 * (the errno value is not inspected).  The check is made by actually issuing
 * TUNSETOFFLOAD with those two flags rather than by a read-only query.
 */
int tap_probe_has_ufo(int fd)
{
    unsigned wanted = TUN_F_CSUM | TUN_F_UFO;

    return ioctl(fd, TUNSETOFFLOAD, wanted) < 0 ? 0 : 1;
}
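/*
 * Verify that we can assign given length.
 *
 * The probe reads the current vnet header size, tries to set @len, and then
 * writes the original size back.
 *
 * @fd: tap descriptor.
 * @len: vnet header length to try.
 *
 * Returns 1 if @len was accepted, 0 if either the initial read or the trial
 * set failed.  If the original size cannot be restored the process aborts,
 * because the descriptor would be left with a header size the rest of the
 * code does not expect.
 */
int tap_probe_vnet_hdr_len(int fd, int len)
{
    int orig;

    if (ioctl(fd, TUNGETVNETHDRSZ, &orig) == -1) {
        return 0;
    }
    if (ioctl(fd, TUNSETVNETHDRSZ, &len) == -1) {
        return 0;
    }
    /* Restore original length: we can't handle failure. */
    if (ioctl(fd, TUNSETVNETHDRSZ, &orig) == -1) {
        /* Name the ioctl that actually failed: the restoring SET, not GET. */
        fprintf(stderr, "TUNSETVNETHDRSZ ioctl() failed: %s. Exiting.\n",
                strerror(errno));
        abort();
    }
    return 1;
}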
/*
 * Set the vnet header length on a tap descriptor with TUNSETVNETHDRSZ.
 *
 * There is no error return: any ioctl failure is reported on stderr and
 * the process aborts.  tap_probe_vnet_hdr_len() is the non-fatal way to
 * test a length first.
 */
void tap_fd_set_vnet_hdr_len(int fd, int len)
{
    if (ioctl(fd, TUNSETVNETHDRSZ, &len) != -1) {
        return;
    }

    fprintf(stderr, "TUNSETVNETHDRSZ ioctl() failed: %s. Exiting.\n",
            strerror(errno));
    abort();
}
/*
 * Switch little-endian vnet headers on or off for a tap descriptor.
 *
 * @fd: tap descriptor.
 * @is_le: any non-zero value enables, zero disables.
 *
 * Returns 0 on success and -EINVAL when the ioctl fails with EINVAL, which
 * is taken to mean the kernel does not support TUNSETVNETLE.  Any other
 * failure is reported and the process aborts.
 */
int tap_fd_set_vnet_le(int fd, int is_le)
{
    int enable = is_le != 0;

    if (ioctl(fd, TUNSETVNETLE, &enable) == 0) {
        return 0;
    }

    if (errno != EINVAL) {
        error_report("TUNSETVNETLE ioctl() failed: %s.", strerror(errno));
        abort();
    }

    /* EINVAL: treated as "kernel has no TUNSETVNETLE". */
    return -EINVAL;
}
/*
 * Switch big-endian vnet headers on or off for a tap descriptor.
 *
 * @fd: tap descriptor.
 * @is_be: any non-zero value enables, zero disables.
 *
 * Returns 0 on success and -EINVAL when the ioctl fails with EINVAL, which
 * is taken to mean the kernel does not support TUNSETVNETBE.  Any other
 * failure is reported and the process aborts.
 */
int tap_fd_set_vnet_be(int fd, int is_be)
{
    int enable = is_be != 0;

    if (ioctl(fd, TUNSETVNETBE, &enable) == 0) {
        return 0;
    }

    if (errno != EINVAL) {
        error_report("TUNSETVNETBE ioctl() failed: %s.", strerror(errno));
        abort();
    }

    /* EINVAL: treated as "kernel has no TUNSETVNETBE". */
    return -EINVAL;
}
/*
 * Program the offload feature set of a tap descriptor with TUNSETOFFLOAD.
 *
 * @csum: enable checksum offload.  When it is zero every other argument is
 *        ignored and an empty feature mask is programmed.
 * @tso4, @tso6: enable TCP segmentation offload for IPv4 / IPv6.
 * @ecn: enable TSO with ECN; honoured only if @tso4 or @tso6 is set.
 * @ufo: enable UDP fragmentation offload.
 *
 * The function first issues TUNSETOFFLOAD with 0 as a support check and
 * returns silently if that fails with EINVAL.  If the full mask is rejected
 * it retries once without TUN_F_UFO.  A failure of the retry is only printed
 * to stderr; nothing is returned, so the caller cannot tell which mask, if
 * any, took effect.
 */
void tap_fd_set_offload(int fd, int csum, int tso4,
                        int tso6, int ecn, int ufo)
{
    unsigned int flags = 0;

    /* Check if our kernel supports TUNSETOFFLOAD */
    if (ioctl(fd, TUNSETOFFLOAD, 0) != 0 && errno == EINVAL) {
        return;
    }

    if (csum) {
        flags = TUN_F_CSUM;
        flags |= tso4 ? TUN_F_TSO4 : 0;
        flags |= tso6 ? TUN_F_TSO6 : 0;
        flags |= ((tso4 || tso6) && ecn) ? TUN_F_TSO_ECN : 0;
        flags |= ufo ? TUN_F_UFO : 0;
    }

    if (ioctl(fd, TUNSETOFFLOAD, flags) == 0) {
        return;
    }

    /* Second attempt with UFO cleared from the mask. */
    flags &= ~TUN_F_UFO;
    if (ioctl(fd, TUNSETOFFLOAD, flags) != 0) {
        fprintf(stderr, "TUNSETOFFLOAD ioctl() failed: %s\n",
                strerror(errno));
    }
}
/*
 * Enable a specific queue of tap.
 *
 * Issues TUNSETQUEUE with IFF_ATTACH_QUEUE on a zeroed request.
 * Returns the ioctl result unchanged: 0 on success, non-zero on failure
 * (in which case an error is also reported).
 */
int tap_fd_enable(int fd)
{
    struct ifreq req;
    int rc;

    /* Only ifr_flags is set below; everything else goes to the kernel as 0. */
    memset(&req, 0, sizeof(req));
    req.ifr_flags = IFF_ATTACH_QUEUE;

    rc = ioctl(fd, TUNSETQUEUE, (void *) &req);
    if (rc == 0) {
        return rc;
    }

    error_report("could not enable queue");
    return rc;
}
/*
 * Disable a specific queue of tap.
 *
 * Issues TUNSETQUEUE with IFF_DETACH_QUEUE on a zeroed request.
 * Returns the ioctl result unchanged: 0 on success, non-zero on failure
 * (in which case an error is also reported).
 */
int tap_fd_disable(int fd)
{
    struct ifreq req;
    int rc;

    /* Only ifr_flags is set below; everything else goes to the kernel as 0. */
    memset(&req, 0, sizeof(req));
    req.ifr_flags = IFF_DETACH_QUEUE;

    rc = ioctl(fd, TUNSETQUEUE, (void *) &req);
    if (rc == 0) {
        return rc;
    }

    error_report("could not disable queue");
    return rc;
}
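/*
 * Copy the interface name bound to a tap descriptor into @ifname.
 *
 * @fd: tap descriptor.
 * @ifname: destination buffer.  No size is passed in, and the copy is
 *          bounded by sizeof(ifr.ifr_name), so the caller must provide at
 *          least that many bytes.
 *
 * Returns 0 on success, -1 (after reporting the error) when TUNGETIFF fails.
 */
int tap_fd_get_ifname(int fd, char *ifname)
{
    struct ifreq ifr;

    /*
     * Zero the request before the ioctl, as the other TUNGETIFF/TUNSETQUEUE
     * users in this file do, so the name copied out below can never come
     * from leftover stack bytes.
     */
    memset(&ifr, 0, sizeof(ifr));

    if (ioctl(fd, TUNGETIFF, &ifr) != 0) {
        error_report("TUNGETIFF ioctl() failed: %s",
                     strerror(errno));
        return -1;
    }

    pstrcpy(ifname, sizeof(ifr.ifr_name), ifr.ifr_name);
    return 0;
}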
/*
 * Attach a steering eBPF program to a tap descriptor.
 *
 * @fd: tap descriptor.
 * @prog_fd: descriptor of the program; it is passed to TUNSETSTEERINGEBPF
 *           by address.
 *
 * Returns 0 on success, -1 after reporting the error (including both
 * descriptor numbers) on failure.
 */
int tap_fd_set_steering_ebpf(int fd, int prog_fd)
{
    if (ioctl(fd, TUNSETSTEERINGEBPF, (void *) &prog_fd) == 0) {
        return 0;
    }

    error_report("Issue while setting TUNSETSTEERINGEBPF:"
                 " %s with fd: %d, prog_fd: %d",
                 strerror(errno), fd, prog_fd);
    return -1;
}