[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] f9f42e: e1000: Count CRC in Tx statistics
|
From: |
Alex Bennée |
|
Subject: |
[Qemu-commits] [qemu/qemu] f9f42e: e1000: Count CRC in Tx statistics |
|
Date: |
Wed, 24 May 2023 08:08:27 -0700 |
Branch: refs/heads/staging-7.2
Home: https://github.com/qemu/qemu
Commit: f9f42e708f33fc54b2943b8f585d1d8f258cba49
https://github.com/qemu/qemu/commit/f9f42e708f33fc54b2943b8f585d1d8f258cba49
Author: Akihiko Odaki <akihiko.odaki@daynix.com>
Date: 2023-05-23 (Tue, 23 May 2023)
Changed paths:
M hw/net/e1000.c
Log Message:
-----------
e1000: Count CRC in Tx statistics
The Software Developer's Manual 13.7.4.5 "Packets Transmitted (64 Bytes)
Count" says:
> This register counts the number of packets transmitted that are
> exactly 64 bytes (from <Destination Address> through <CRC>,
> inclusively) in length.
It also says similar for the other Tx statistics registers. Add the
number of bytes for CRC to those registers.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit c50b152485d4e10dfa1e1d7ea668f29a5fb92e9c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: pick this for 7.2 too: a fix by its own and makes next patch to apply
cleanly)
Commit: b121ebe143e575de85f2ef2525bba57adb5ac35a
https://github.com/qemu/qemu/commit/b121ebe143e575de85f2ef2525bba57adb5ac35a
Author: timothee.cocault@gmail.com <timothee.cocault@gmail.com>
Date: 2023-05-23 (Tue, 23 May 2023)
Changed paths:
M hw/net/e1000.c
M hw/net/e1000e_core.c
M hw/net/e1000x_common.c
Log Message:
-----------
e1000e: Fix tx/rx counters
The bytes and packets counter registers are cleared on read.
Copying the "total counter" registers to the "good counter" registers has
side effects.
If the "total" register is never read by the OS, it only gets incremented.
This leads to exponential growth of the "good" register.
This commit increments the counters individually to avoid this.
Signed-off-by: Timothée Cocault <timothee.cocault@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 8d689f6aae8be096b4a1859be07c1b083865f755)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: removed hw/net/igb_core.c part: igb introduced in 8.0)
Commit: 8766b9705973cc32c16d07dfeba98a9e1f7d415c
https://github.com/qemu/qemu/commit/8766b9705973cc32c16d07dfeba98a9e1f7d415c
Author: Akihiko Odaki <akihiko.odaki@daynix.com>
Date: 2023-05-24 (Wed, 24 May 2023)
Changed paths:
M hw/net/e1000.c
M hw/net/e1000e_core.c
M hw/net/e1000x_common.c
M hw/net/e1000x_common.h
Log Message:
-----------
e1000x: Fix BPRC and MPRC
Before this change, e1000 and the common code updated BPRC and MPRC
depending on the matched filter, but e1000e and igb decided to update
those counters by deriving the packet type independently. This
inconsistency caused a multicast packet to be counted twice.
Updating BPRC and MPRC depending on are fundamentally flawed anyway as
a filter can be used for different types of packets. For example, it is
possible to filter broadcast packets with MTA.
Always determine what counters to update by inspecting the packets.
Fixes: 3b27430177 ("e1000: Implementing various counters")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Sriram Yagnaraman <sriram.yagnaraman@est.tech>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit f3f9b726afba1f53663768603189e574f80b5907)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: removed hw/net/igb_core.c bits: igb introduced past 7.2)
Commit: 774d5a90b25d7103105fdb4d2ddf3c990d928377
https://github.com/qemu/qemu/commit/774d5a90b25d7103105fdb4d2ddf3c990d928377
Author: Stefan Hajnoczi <stefanha@redhat.com>
Date: 2023-05-24 (Wed, 24 May 2023)
Changed paths:
M hw/net/rtl8139.c
Log Message:
-----------
rtl8139: fix large_send_mss divide-by-zero
If the driver sets large_send_mss to 0 then a divide-by-zero occurs.
Even if the division wasn't a problem, the for loop that emits MSS-sized
packets would never terminate.
Solve these issues by skipping offloading when large_send_mss=0.
This issue was found by OSS-Fuzz as part of Alexander Bulekov's device
fuzzing work. The reproducer is:
$ cat << EOF | ./qemu-system-i386 -display none -machine accel=qtest, -m \
512M,slots=1,maxmem=0xffff000000000000 -machine q35 -nodefaults -device \
rtl8139,netdev=net0 -netdev user,id=net0 -device \
pc-dimm,id=nv1,memdev=mem1,addr=0xb800a64602800000 -object \
memory-backend-ram,id=mem1,size=2M -qtest stdio
outl 0xcf8 0x80000814
outl 0xcfc 0xe0000000
outl 0xcf8 0x80000804
outw 0xcfc 0x06
write 0xe0000037 0x1 0x04
write 0xe00000e0 0x2 0x01
write 0x1 0x1 0x04
write 0x3 0x1 0x98
write 0xa 0x1 0x8c
write 0xb 0x1 0x02
write 0xc 0x1 0x46
write 0xd 0x1 0xa6
write 0xf 0x1 0xb8
write 0xb800a646028c000c 0x1 0x08
write 0xb800a646028c000e 0x1 0x47
write 0xb800a646028c0010 0x1 0x02
write 0xb800a646028c0017 0x1 0x06
write 0xb800a646028c0036 0x1 0x80
write 0xe00000d9 0x1 0x40
EOF
Buglink: https://gitlab.com/qemu-project/qemu/-/issues/1582
Closes: https://gitlab.com/qemu-project/qemu/-/issues/1582
Cc: qemu-stable@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>
Fixes: 6d71357a3b65 ("rtl8139: honor large send MSS value")
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 792676c165159c11412346870fd58fd243ab2166)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Compare: https://github.com/qemu/qemu/compare/926a8380f2eb...774d5a90b25d
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-commits] [qemu/qemu] f9f42e: e1000: Count CRC in Tx statistics,
Alex Bennée <=