virtio net is using lots of manual mangling of iovecs; I don't see any obvious crashes but it does look scary since guest can manipulate iovecs. This patchset changes it to use iov_* functions which are safer.
On a recent linux kernel, new code will actually do less iovec processing because it is able to utilize support for mergeable buffer header size added in tun/tap in linux 2.6.35 - though I was unable to measure any speed difference. This also removes the restriction on buffer layout, aligning qemu with recent versions of virtio spec which imply that device should be prepared to handle e.g. virtio net header inline with the packet data in the same buffer.

Tested on x86 kvm only for now, would appreciate cross-endianness etc testing/reports. This is also why I split this into so many small patches, to make bisect easier in case of problems.

Michael S. Tsirkin (14):
  virtio-net: track host/guest header length
  iov: add const annotation
  iov: add iov_cpy
  virtio-net: avoid sg copy
  virtio-net: use safe iov operations for rx
  virtio-net: refactor receive_hdr
  virtio-net: first s/g is always at start of buf
  virtio-net: switch tx to safe iov functions
  virtio-net: simplify rx code
  virtio: don't mark unaccessed memory as dirty
  virtio-net: fix used len for tx
  virtio-net: minor code simplification
  virtio-net: test peer header support at init time
  virtio-net: enable mrg buf header in tap on linux

 hw/vhost_net.c  |  13 -----
 hw/virtio-net.c | 177 +++++++++++++++++++++++++++++++-------------------------
 hw/virtio.c     |   2 +-
 iov.c           |  25 +++++++-
 iov.h           |  11 +++-
 5 files changed, 132 insertions(+), 96 deletions(-)

-- 
MST
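The bounded chain handling the series moves to, as an added example that is not code from this patch series or from QEMU's iov.c: a copy out of a guest-supplied iovec that stops at the chain's end and locates the header, and the payload behind it, by byte offset, whether the header has its own element, sits inline with the packet data, or is split across elements. The helper names, VNET_HDR_LEN and the sample buffers are assumptions constructed for this example.

```c
#include <stddef.h>
#include <string.h>
#include <sys/uio.h>
#define VNET_HDR_LEN 10 /* assumed legacy virtio_net_hdr size; constant constructed here */

/* Copy up to `bytes` from the chain starting at `offset`; returns the bytes copied, which
 * is short when the chain ends. Never reads past an element, whatever lengths the guest chose. */
size_t iov_to_buf_bounded(const struct iovec *iov, unsigned int cnt,
                          size_t offset, void *buf, size_t bytes)
{
    size_t done = 0;
    for (unsigned int i = 0; i < cnt && done < bytes; i++) {
        if (offset >= iov[i].iov_len) { offset -= iov[i].iov_len; continue; }
        size_t n = iov[i].iov_len - offset;
        if (n > bytes - done) n = bytes - done;
        memcpy((char *)buf + done, (const char *)iov[i].iov_base + offset, n);
        done += n;
        offset = 0;
    }
    return done;
}

/* Pull the header from wherever it lies (own element, inline with data, or split).
 * Returns 0 on success, -1 if the chain cannot hold a full header. */
int read_vnet_hdr(const struct iovec *iov, unsigned int cnt, unsigned char *hdr)
{
    return iov_to_buf_bounded(iov, cnt, 0, hdr, VNET_HDR_LEN) == VNET_HDR_LEN ? 0 : -1;
}

/* Constructed samples. Returns the number of header bytes recovered in order from a
 * chain whose header is split 4/6 across two elements (10 on success); -2 if a 6-byte
 * chain is wrongly accepted; -3 if the payload behind the inline header is not found. */
int demo_guest_chains(void)
{
    unsigned char a[4] = {0, 1, 2, 3}, b[20] = {4, 5, 6, 7, 8, 9, 'p', 'a', 'y'};
    unsigned char c[2] = {0, 1}, d[4] = {2, 3, 4, 5}, hdr[VNET_HDR_LEN], pay[3];
    struct iovec split[2] = {{a, sizeof a}, {b, sizeof b}};
    struct iovec shrt[2] = {{c, sizeof c}, {d, sizeof d}};
    int ok = 0;
    if (read_vnet_hdr(shrt, 2, hdr) != -1)
        return -2;
    if (read_vnet_hdr(split, 2, hdr) != 0)
        return -1;
    /* Packet data starts right after the header, at offset 10 into the same chain. */
    if (iov_to_buf_bounded(split, 2, VNET_HDR_LEN, pay, 3) != 3 || memcmp(pay, "pay", 3))
        return -3;
    for (int i = 0; i < VNET_HDR_LEN; i++)
        ok += (hdr[i] == i);
    return ok;
}
```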