qemu-e2k/net/tap-linux.c
Peter Foley e29919c93d net: Fix uninitialized data usage
e.g.
1109 15:16:20.151506 Uninitialized bytes in ioctl_common_pre at offset 0 inside [0x7ffc516af9b8, 4)
 1109 15:16:20.151659 ==588974==WARNING: MemorySanitizer: use-of-uninitialized-value
 1109 15:16:20.312923     #0 0x5639b88acb21 in tap_probe_vnet_hdr_len third_party/qemu/net/tap-linux.c:183:9
 1109 15:16:20.312952     #1 0x5639b88afd66 in net_tap_fd_init third_party/qemu/net/tap.c:409:9
 1109 15:16:20.312954     #2 0x5639b88b2d1b in net_init_tap_one third_party/qemu/net/tap.c:681:19
 1109 15:16:20.312956     #3 0x5639b88b16a8 in net_init_tap third_party/qemu/net/tap.c:912:13
 1109 15:16:20.312957     #4 0x5639b8890175 in net_client_init1 third_party/qemu/net/net.c:1110:9
 1109 15:16:20.312958     #5 0x5639b888f912 in net_client_init third_party/qemu/net/net.c:1208:15
 1109 15:16:20.312960     #6 0x5639b8894aa5 in net_param_nic third_party/qemu/net/net.c:1588:11
 1109 15:16:20.312961     #7 0x5639b900cd18 in qemu_opts_foreach third_party/qemu/util/qemu-option.c:1135:14
 1109 15:16:20.312962     #8 0x5639b889393c in net_init_clients third_party/qemu/net/net.c:1612:9
 1109 15:16:20.312964     #9 0x5639b717aaf3 in qemu_create_late_backends third_party/qemu/softmmu/vl.c:1962:5
 1109 15:16:20.312965     #10 0x5639b717aaf3 in qemu_init third_party/qemu/softmmu/vl.c:3694:5
 1109 15:16:20.312967     #11 0x5639b71083b8 in main third_party/qemu/softmmu/main.c:49:5
 1109 15:16:20.312968     #12 0x7f464de1d8d2 in __libc_start_main (/usr/grte/v5/lib64/libc.so.6+0x628d2)
 1109 15:16:20.312969     #13 0x5639b6bbd389 in _start /usr/grte/v5/debug-src/src/csu/../sysdeps/x86_64/start.S:120
 1109 15:16:20.312970
 1109 15:16:20.312975   Uninitialized value was stored to memory at
 1109 15:16:20.313393     #0 0x5639b88acbee in tap_probe_vnet_hdr_len third_party/qemu/net/tap-linux.c
 1109 15:16:20.313396     #1 0x5639b88afd66 in net_tap_fd_init third_party/qemu/net/tap.c:409:9
 1109 15:16:20.313398     #2 0x5639b88b2d1b in net_init_tap_one third_party/qemu/net/tap.c:681:19
 1109 15:16:20.313399     #3 0x5639b88b16a8 in net_init_tap third_party/qemu/net/tap.c:912:13
 1109 15:16:20.313400     #4 0x5639b8890175 in net_client_init1 third_party/qemu/net/net.c:1110:9
 1109 15:16:20.313401     #5 0x5639b888f912 in net_client_init third_party/qemu/net/net.c:1208:15
 1109 15:16:20.313403     #6 0x5639b8894aa5 in net_param_nic third_party/qemu/net/net.c:1588:11
 1109 15:16:20.313404     #7 0x5639b900cd18 in qemu_opts_foreach third_party/qemu/util/qemu-option.c:1135:14
 1109 15:16:20.313405     #8 0x5639b889393c in net_init_clients third_party/qemu/net/net.c:1612:9
 1109 15:16:20.313407     #9 0x5639b717aaf3 in qemu_create_late_backends third_party/qemu/softmmu/vl.c:1962:5
 1109 15:16:20.313408     #10 0x5639b717aaf3 in qemu_init third_party/qemu/softmmu/vl.c:3694:5
 1109 15:16:20.313409     #11 0x5639b71083b8 in main third_party/qemu/softmmu/main.c:49:5
 1109 15:16:20.313410     #12 0x7f464de1d8d2 in __libc_start_main (/usr/grte/v5/lib64/libc.so.6+0x628d2)
 1109 15:16:20.313412     #13 0x5639b6bbd389 in _start /usr/grte/v5/debug-src/src/csu/../sysdeps/x86_64/start.S:120
 1109 15:16:20.313413
 1109 15:16:20.313417   Uninitialized value was stored to memory at
 1109 15:16:20.313791     #0 0x5639b88affbd in net_tap_fd_init third_party/qemu/net/tap.c:400:26
 1109 15:16:20.313826     #1 0x5639b88b2d1b in net_init_tap_one third_party/qemu/net/tap.c:681:19
 1109 15:16:20.313829     #2 0x5639b88b16a8 in net_init_tap third_party/qemu/net/tap.c:912:13
 1109 15:16:20.313831     #3 0x5639b8890175 in net_client_init1 third_party/qemu/net/net.c:1110:9
 1109 15:16:20.313836     #4 0x5639b888f912 in net_client_init third_party/qemu/net/net.c:1208:15
 1109 15:16:20.313838     #5 0x5639b8894aa5 in net_param_nic third_party/qemu/net/net.c:1588:11
 1109 15:16:20.313839     #6 0x5639b900cd18 in qemu_opts_foreach third_party/qemu/util/qemu-option.c:1135:14
 1109 15:16:20.313841     #7 0x5639b889393c in net_init_clients third_party/qemu/net/net.c:1612:9
 1109 15:16:20.313843     #8 0x5639b717aaf3 in qemu_create_late_backends third_party/qemu/softmmu/vl.c:1962:5
 1109 15:16:20.313844     #9 0x5639b717aaf3 in qemu_init third_party/qemu/softmmu/vl.c:3694:5
 1109 15:16:20.313845     #10 0x5639b71083b8 in main third_party/qemu/softmmu/main.c:49:5
 1109 15:16:20.313846     #11 0x7f464de1d8d2 in __libc_start_main (/usr/grte/v5/lib64/libc.so.6+0x628d2)
 1109 15:16:20.313847     #12 0x5639b6bbd389 in _start /usr/grte/v5/debug-src/src/csu/../sysdeps/x86_64/start.S:120
 1109 15:16:20.313849
 1109 15:16:20.313851   Uninitialized value was created by an allocation of 'ifr' in the stack frame of function 'tap_probe_vnet_hdr'
 1109 15:16:20.313855     #0 0x5639b88ac680 in tap_probe_vnet_hdr third_party/qemu/net/tap-linux.c:151
 1109 15:16:20.313856
 1109 15:16:20.313878 SUMMARY: MemorySanitizer: use-of-uninitialized-value third_party/qemu/net/tap-linux.c:183:9 in tap_probe_vnet_hdr_len

Fixes: dc69004c7d8 ("net: move tap_probe_vnet_hdr() to tap-linux.c")
Reviewed-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Patrick Venture <venture@google.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Peter Foley <pefoley@google.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-02-14 11:50:44 +08:00


/*
* QEMU System Emulator
*
* Copyright (c) 2003-2008 Fabrice Bellard
* Copyright (c) 2009 Red Hat, Inc.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
#include "qemu/osdep.h"
#include "qemu-common.h"
#include "tap_int.h"
#include "tap-linux.h"
#include "net/tap.h"
#include <net/if.h>
#include <sys/ioctl.h>
#include "qapi/error.h"
#include "qemu/error-report.h"
#include "qemu/cutils.h"
#define PATH_NET_TUN "/dev/net/tun"
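/*
 * Open PATH_NET_TUN and bind it to a tap interface.
 *
 * @ifname: in/out. If non-empty, the interface to attach to; on success the
 *          name the kernel actually bound (e.g. the expansion of "tap%d") is
 *          copied back into it.
 * @ifname_size: capacity of @ifname in bytes.
 * @vnet_hdr: in/out. Non-zero on entry requests IFF_VNET_HDR; on return it
 *            is 1 if the kernel granted it, 0 otherwise.
 * @vnet_hdr_required: fail instead of silently downgrading when the kernel
 *                     lacks IFF_VNET_HDR.
 * @mq_required: fail unless the kernel offers IFF_MULTI_QUEUE.
 * @errp: error out-parameter.
 *
 * Returns the tap fd, set non-blocking, on success; -1 with @errp set on
 * failure (the fd is closed on every failure path). The caller owns the fd.
 */
int tap_open(char *ifname, int ifname_size, int *vnet_hdr,
             int vnet_hdr_required, int mq_required, Error **errp)
{
    struct ifreq ifr;
    int fd;
    int len = sizeof(struct virtio_net_hdr);
    /*
     * Zero-initialised so the flag tests below never read stale stack bytes
     * should TUNGETFEATURES fail without writing it (the failure branch also
     * resets it, but keeping the declaration defined is cheap and explicit).
     */
    unsigned int features = 0;
    int flags;

    /* TFR retries open() on EINTR. */
    TFR(fd = open(PATH_NET_TUN, O_RDWR));
    if (fd < 0) {
        error_setg_errno(errp, errno, "could not open %s", PATH_NET_TUN);
        return -1;
    }

    /* memset (not "= {0}") so padding is defined before the kernel sees it. */
    memset(&ifr, 0, sizeof(ifr));
    ifr.ifr_flags = IFF_TAP | IFF_NO_PI;

    if (ioctl(fd, TUNGETFEATURES, &features) == -1) {
        warn_report("TUNGETFEATURES failed: %s", strerror(errno));
        features = 0;
    }

    if (features & IFF_ONE_QUEUE) {
        ifr.ifr_flags |= IFF_ONE_QUEUE;
    }

    if (*vnet_hdr) {
        /* Report back whether the request could be honoured. */
        *vnet_hdr = !!(features & IFF_VNET_HDR);
        if (*vnet_hdr) {
            ifr.ifr_flags |= IFF_VNET_HDR;
        }

        if (vnet_hdr_required && !*vnet_hdr) {
            error_setg(errp, "vnet_hdr=1 requested, but no kernel "
                       "support for IFF_VNET_HDR available");
            goto fail;
        }

        /*
         * Make sure vnet header size has the default value: for a persistent
         * tap it might have been modified e.g. by another instance of qemu.
         * Ignore errors since old kernels do not support this ioctl: in this
         * case the header size implicitly has the correct value.
         */
        ioctl(fd, TUNSETVNETHDRSZ, &len);
    }

    if (mq_required) {
        if (!(features & IFF_MULTI_QUEUE)) {
            error_setg(errp, "multiqueue required, but no kernel "
                       "support for IFF_MULTI_QUEUE available");
            goto fail;
        }
        ifr.ifr_flags |= IFF_MULTI_QUEUE;
    }

    /* pstrcpy bounds and NUL-terminates the copy within IFNAMSIZ. */
    if (ifname[0] != '\0') {
        pstrcpy(ifr.ifr_name, IFNAMSIZ, ifname);
    } else {
        pstrcpy(ifr.ifr_name, IFNAMSIZ, "tap%d");
    }

    if (ioctl(fd, TUNSETIFF, (void *) &ifr) != 0) {
        if (ifname[0] != '\0') {
            error_setg_errno(errp, errno, "could not configure %s (%s)",
                             PATH_NET_TUN, ifr.ifr_name);
        } else {
            error_setg_errno(errp, errno, "could not configure %s",
                             PATH_NET_TUN);
        }
        goto fail;
    }
    pstrcpy(ifname, ifname_size, ifr.ifr_name);

    /*
     * Read-modify-write the status flags instead of overwriting them, and
     * report a failure rather than handing back a fd that is still blocking.
     */
    flags = fcntl(fd, F_GETFL);
    if (flags == -1 || fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) {
        error_setg_errno(errp, errno, "could not set %s non-blocking",
                         PATH_NET_TUN);
        goto fail;
    }
    return fd;

fail:
    close(fd);
    return -1;
}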
/* sndbuf implements a kind of flow control for tap.
* Unfortunately when it's enabled, and packets are sent
* to other guests on the same host, the receiver
* can lock up the transmitter indefinitely.
*
* To avoid packet loss, sndbuf should be set to a value lower than the tx
* queue capacity of any destination network interface.
* Ethernet NICs generally have txqueuelen=1000, so 1Mb is
* a good value, given a 1500 byte MTU.
*/
#define TAP_DEFAULT_SNDBUF 0
/*
 * Apply the netdev's sndbuf option to @fd with TUNSETSNDBUF.
 *
 * Without an explicit option TAP_DEFAULT_SNDBUF is used; an explicit value
 * larger than INT_MAX is clamped to INT_MAX. A resulting value of 0 is
 * replaced by INT_MAX before it reaches the kernel. An ioctl failure is
 * only propagated through @errp when the user asked for a value explicitly.
 */
void tap_set_sndbuf(int fd, const NetdevTapOptions *tap, Error **errp)
{
    int sndbuf = TAP_DEFAULT_SNDBUF;

    if (tap->has_sndbuf) {
        if (tap->sndbuf > INT_MAX) {
            sndbuf = INT_MAX;
        } else {
            sndbuf = tap->sndbuf;
        }
    }

    if (sndbuf == 0) {
        sndbuf = INT_MAX;
    }

    if (ioctl(fd, TUNSETSNDBUF, &sndbuf) == -1 && tap->has_sndbuf) {
        error_setg_errno(errp, errno, "TUNSETSNDBUF ioctl failed");
    }
}
/*
 * Query whether @fd was opened with IFF_VNET_HDR.
 *
 * Returns the IFF_VNET_HDR bit of the interface flags (non-zero when set,
 * 0 when clear), or -1 with @errp set if TUNGETIFF fails.
 */
int tap_probe_vnet_hdr(int fd, Error **errp)
{
    struct ifreq ifr;
    int rc;

    /*
     * Zero the request before the ioctl so no field is ever read
     * uninitialised; MemorySanitizer flagged exactly that on this struct.
     */
    memset(&ifr, 0, sizeof(ifr));

    rc = ioctl(fd, TUNGETIFF, &ifr);
    if (rc != 0) {
        /* TUNGETIFF is available since kernel v2.6.27 */
        error_setg_errno(errp, errno,
                         "Unable to query TUNGETIFF on FD %d", fd);
        return -1;
    }

    return ifr.ifr_flags & IFF_VNET_HDR;
}
/*
 * Probe whether the kernel accepts UFO together with checksum offload.
 *
 * Returns 1 if TUNSETOFFLOAD with TUN_F_CSUM | TUN_F_UFO succeeds, 0 if it
 * fails. The probe is not undone here; the flags stay as the ioctl left them.
 */
int tap_probe_has_ufo(int fd)
{
    const unsigned offload = TUN_F_CSUM | TUN_F_UFO;

    /* TUNSETOFFLOAD takes its flag word by value, not by pointer. */
    return ioctl(fd, TUNSETOFFLOAD, offload) < 0 ? 0 : 1;
}
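/*
 * Verify that the kernel accepts @len as the vnet header size on @fd.
 *
 * The current size is read with TUNGETVNETHDRSZ and restored after the
 * trial TUNSETVNETHDRSZ, so a successful probe leaves the fd unchanged.
 * Returns 1 if @len can be set, 0 if reading the current size or the trial
 * set fails. Failing to restore the original size leaves the device in an
 * unknown state and aborts the process.
 */
int tap_probe_vnet_hdr_len(int fd, int len)
{
    /* Zeroed so a failing TUNGETVNETHDRSZ never leaves it undefined. */
    int orig = 0;

    if (ioctl(fd, TUNGETVNETHDRSZ, &orig) == -1) {
        return 0;
    }
    if (ioctl(fd, TUNSETVNETHDRSZ, &len) == -1) {
        return 0;
    }
    /* Restore original length: we can't handle failure. */
    if (ioctl(fd, TUNSETVNETHDRSZ, &orig) == -1) {
        /*
         * The call that failed is the restoring TUNSETVNETHDRSZ; the previous
         * message named TUNGETVNETHDRSZ, which misdirected diagnosis.
         * abort() does not return, so no value is returned after it.
         */
        fprintf(stderr, "TUNSETVNETHDRSZ ioctl() failed: %s. Exiting.\n",
                strerror(errno));
        abort();
    }
    return 1;
}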
/*
 * Set the vnet header size on @fd to @len via TUNSETVNETHDRSZ.
 * A failure is treated as fatal: the error is printed to stderr and the
 * process aborts.
 */
void tap_fd_set_vnet_hdr_len(int fd, int len)
{
    int rc = ioctl(fd, TUNSETVNETHDRSZ, &len);

    if (rc == -1) {
        fprintf(stderr, "TUNSETVNETHDRSZ ioctl() failed: %s. Exiting.\n",
                strerror(errno));
        abort();
    }
}
/*
 * Enable (@is_le != 0) or disable little-endian vnet header mode on @fd
 * with TUNSETVNETLE.
 *
 * Returns 0 on success and -EINVAL when the kernel does not know the
 * ioctl; any other ioctl error is reported and aborts the process.
 */
int tap_fd_set_vnet_le(int fd, int is_le)
{
    int arg = !!is_le;
    int rc = ioctl(fd, TUNSETVNETLE, &arg);

    if (rc == 0) {
        return 0;
    }

    /* Check if our kernel supports TUNSETVNETLE */
    if (errno == EINVAL) {
        return -errno;
    }

    error_report("TUNSETVNETLE ioctl() failed: %s.", strerror(errno));
    abort();
}
/*
 * Enable (@is_be != 0) or disable big-endian vnet header mode on @fd
 * with TUNSETVNETBE.
 *
 * Returns 0 on success and -EINVAL when the kernel does not know the
 * ioctl; any other ioctl error is reported and aborts the process.
 */
int tap_fd_set_vnet_be(int fd, int is_be)
{
    int arg = !!is_be;
    int rc = ioctl(fd, TUNSETVNETBE, &arg);

    if (rc == 0) {
        return 0;
    }

    /* Check if our kernel supports TUNSETVNETBE */
    if (errno == EINVAL) {
        return -errno;
    }

    error_report("TUNSETVNETBE ioctl() failed: %s.", strerror(errno));
    abort();
}
/*
 * Program the offload flags of @fd with TUNSETOFFLOAD.
 *
 * @csum gates the rest: without checksum offload no TSO/ECN/UFO bit is
 * requested, and TUN_F_TSO_ECN is only added alongside a TSO mode. If the
 * kernel rejects the full set, the call is retried once without TUN_F_UFO;
 * a failure of that retry is printed to stderr and otherwise ignored.
 * Kernels that answer EINVAL to TUNSETOFFLOAD are left untouched.
 */
void tap_fd_set_offload(int fd, int csum, int tso4,
                        int tso6, int ecn, int ufo)
{
    unsigned int offload = 0;

    /* Check if our kernel supports TUNSETOFFLOAD */
    if (ioctl(fd, TUNSETOFFLOAD, 0) != 0 && errno == EINVAL) {
        return;
    }

    if (csum) {
        offload = TUN_F_CSUM;
        if (tso4) {
            offload |= TUN_F_TSO4;
        }
        if (tso6) {
            offload |= TUN_F_TSO6;
        }
        if (ecn && (tso4 || tso6)) {
            offload |= TUN_F_TSO_ECN;
        }
        if (ufo) {
            offload |= TUN_F_UFO;
        }
    }

    if (ioctl(fd, TUNSETOFFLOAD, offload) == 0) {
        return;
    }

    /* Second attempt with UFO dropped from the set. */
    offload &= ~TUN_F_UFO;
    if (ioctl(fd, TUNSETOFFLOAD, offload) != 0) {
        fprintf(stderr, "TUNSETOFFLOAD ioctl() failed: %s\n",
                strerror(errno));
    }
}
/*
 * Enable a specific queue of a multi-queue tap: attach @fd's queue with
 * TUNSETQUEUE / IFF_ATTACH_QUEUE.
 * Returns the ioctl result (0 on success); a failure is also logged.
 */
int tap_fd_enable(int fd)
{
    struct ifreq ifr;
    int rc;

    /* Fully zero the request so only the flags field carries data. */
    memset(&ifr, 0, sizeof(ifr));
    ifr.ifr_flags = IFF_ATTACH_QUEUE;

    rc = ioctl(fd, TUNSETQUEUE, (void *) &ifr);
    if (rc) {
        error_report("could not enable queue");
    }
    return rc;
}
/*
 * Disable a specific queue of a multi-queue tap: detach @fd's queue with
 * TUNSETQUEUE / IFF_DETACH_QUEUE.
 * Returns the ioctl result (0 on success); a failure is also logged.
 */
int tap_fd_disable(int fd)
{
    struct ifreq ifr;
    int rc;

    /* Fully zero the request so only the flags field carries data. */
    memset(&ifr, 0, sizeof(ifr));
    ifr.ifr_flags = IFF_DETACH_QUEUE;

    rc = ioctl(fd, TUNSETQUEUE, (void *) &ifr);
    if (rc) {
        error_report("could not disable queue");
    }
    return rc;
}
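/*
 * Copy the interface name bound to @fd into @ifname.
 *
 * @ifname must provide at least sizeof(ifr.ifr_name) (IFNAMSIZ) bytes: the
 * copy is bounded by the size of the source field, not by the caller's
 * buffer, so a smaller destination would be overrun.
 * Returns 0 on success, -1 (with the error logged) if TUNGETIFF fails.
 */
int tap_fd_get_ifname(int fd, char *ifname)
{
    struct ifreq ifr;

    /*
     * Zero the request before the ioctl, as tap_probe_vnet_hdr() does for
     * the same TUNGETIFF call: reading back fields the kernel did not write
     * would otherwise be use of uninitialised stack memory.
     */
    memset(&ifr, 0, sizeof(ifr));

    if (ioctl(fd, TUNGETIFF, &ifr) != 0) {
        error_report("TUNGETIFF ioctl() failed: %s",
                     strerror(errno));
        return -1;
    }

    pstrcpy(ifname, sizeof(ifr.ifr_name), ifr.ifr_name);
    return 0;
}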
/*
 * Attach the eBPF steering program referenced by @prog_fd to the tap
 * device behind @fd using TUNSETSTEERINGEBPF.
 * Returns 0 on success, -1 (with the error logged) on failure.
 */
int tap_fd_set_steering_ebpf(int fd, int prog_fd)
{
    int rc = ioctl(fd, TUNSETSTEERINGEBPF, (void *) &prog_fd);

    if (rc == 0) {
        return 0;
    }

    error_report("Issue while setting TUNSETSTEERINGEBPF:"
                 " %s with fd: %d, prog_fd: %d",
                 strerror(errno), fd, prog_fd);
    return -1;
}