similar to: [PATCH] xen-netback: allow changing the MAC address of the interface

hyperv_net: - set min/max_mtu, per Haiyang, after rndis_filter_device_add virtio_net: - set min/max_mtu - remove virtnet_change_mtu vmxnet3: - set min/max_mtu xen-netback: - min_mtu = 0, max_mtu = 65517 xen-netfront: - min_mtu = 0, max_mtu = 65535 unisys/visor: - clean up defines a little to not clash with network core or add redundat definitions CC: netdev at vger.kernel.org CC:

hyperv_net: - set min/max_mtu, per Haiyang, after rndis_filter_device_add virtio_net: - set min/max_mtu - remove virtnet_change_mtu vmxnet3: - set min/max_mtu xen-netback: - min_mtu = 0, max_mtu = 65517 xen-netfront: - min_mtu = 0, max_mtu = 65535 unisys/visor: - clean up defines a little to not clash with network core or add redundat definitions CC: netdev at vger.kernel.org CC:

This patch adds code to handle SKB_GSO_TCPV6 skbs and construct appropriate extra or prefix segments to pass the large packet to the frontend. New xenstore flags, feature-gso-tcpv6 and feature-gso-tcpv6-prefix, are sampled to determine if the frontend is capable of handling such packets. Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Cc: David

time_after_eq() only works if the delta is < MAX_ULONG/2. For a 32bit Dom0, if netfront sends packets at a very low rate, the time between subsequent calls to tx_credit_exceeded() may exceed MAX_ULONG/2 and the test for timer_after_eq() will be incorrect. Credit will not be replenished and the guest may become unable to send packets (e.g., if prior to the long gap, all credit was exhausted).

On Thu, Oct 20, 2016 at 01:55:21PM -0400, Jarod Wilson wrote: > hyperv_net: > - set min/max_mtu, per Haiyang, after rndis_filter_device_add > > virtio_net: > - set min/max_mtu > - remove virtnet_change_mtu > vmxnet3: > - set min/max_mtu > > xen-netback: > - min_mtu = 0, max_mtu = 65517 > > xen-netfront: > - min_mtu = 0, max_mtu = 65535 > >

On Wed, Jan 11, 2012 at 04:52:36PM +0800, Zhenzhong Duan wrote: > add polling interface to xen-netfront device to support netconsole > Ian, any thoughts on the spinlock changes? > Signed-off-by: Tina.Yang <tina.yang@oracle.com> > Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> > Cc: Jeremy Fitzhardinge <jeremy@goop.org> > Signed-off-by: Zhenzhong.Duan

A buggy or malicious frontend should not be able to confuse netback. If we spot anything which is not as it should be then shutdown the device and don''t try to continue with the ring in a potentially hostile state. Well behaved and non-hostile frontends will not be penalised. As well as making the existing checks for such errors fatal also add a new check that ensures that there

Netback and netfront only use one event channel to do tx / rx notification. This may cause unnecessary wake-up of process routines. This patch adds a new feature called feautre-split-event-channel to netback, enabling it to handle Tx and Rx event separately. Netback will use tx_irq to notify guest for tx completion, rx_irq for rx notification. If frontend doesn''t support this feature,

VM traffic is already limited by a throughput limit, but there is no control over the maximum packet per second (PPS). In DDOS attack the major issue is rather PPS than throughput. With provider offering more bandwidth to VMs, it becames easy to coordinate a massive attack using VMs. Example: 100Mbits ~ 200kpps using 64B packets. This patch provides a new option to limit VMs maximum packets per

On 11/17/2014 06:08 PM, Michael S. Tsirkin wrote: > On Mon, Nov 17, 2014 at 05:17:18PM +0800, Jason Wang wrote: >> This patch tries to detect the possible buggy features advertised by host >> and sanitize them. One example is booting virtio-net with only ctrl_vq >> disabled, qemu may still advertise many features which depends on it. This >> will trigger several BUG()s

On 11/17/2014 06:08 PM, Michael S. Tsirkin wrote: > On Mon, Nov 17, 2014 at 05:17:18PM +0800, Jason Wang wrote: >> This patch tries to detect the possible buggy features advertised by host >> and sanitize them. One example is booting virtio-net with only ctrl_vq >> disabled, qemu may still advertise many features which depends on it. This >> will trigger several BUG()s

Not tested in any way. The original code for offload setting seems broken as it resets the features on every netback reconnect. This will set GSO_ROBUST at device creation time (earlier than connect time). RX checksum offload is forced on - so advertise as it is. Signed-off-by: Micha? Miros?aw <mirq-linux at rere.qmqm.pl> --- [I don't know Xen code enough to say this is correct. There

Not tested in any way. The original code for offload setting seems broken as it resets the features on every netback reconnect. This will set GSO_ROBUST at device creation time (earlier than connect time). RX checksum offload is forced on - so advertise as it is. Signed-off-by: Micha? Miros?aw <mirq-linux at rere.qmqm.pl> --- [I don't know Xen code enough to say this is correct. There

Not tested in any way. The original code for offload setting seems broken as it resets the features on every netback reconnect. This will set GSO_ROBUST at device creation time (earlier than connect time). RX checksum offload is forced on - so advertise as it is. Signed-off-by: Micha? Miros?aw <mirq-linux at rere.qmqm.pl> --- [I don't know Xen code enough to say this is correct. There

This patch tries to detect the possible buggy features advertised by host and sanitize them. One example is booting virtio-net with only ctrl_vq disabled, qemu may still advertise many features which depends on it. This will trigger several BUG()s in virtnet_send_command(). This patch utilizes the sanitize_features() method, and disables all features that depends on ctrl_vq if it was not

This patch tries to detect the possible buggy features advertised by host and sanitize them. One example is booting virtio-net with only ctrl_vq disabled, qemu may still advertise many features which depends on it. This will trigger several BUG()s in virtnet_send_command(). This patch utilizes the sanitize_features() method, and disables all features that depends on ctrl_vq if it was not

On Wed, Mar 01, 2023 at 01:59:52PM +0000, Rob Bradford via B4 Relay wrote: > From: Rob Bradford <rbradford at rivosinc.com> > > Since the following commit virtio-net on kvmtool has printed a warning > during the probe: > > commit dbcf24d153884439dad30484a0e3f02350692e4c > Author: Jason Wang <jasowang at redhat.com> > Date: Tue Aug 17 16:06:59 2021 +0800 >

The Xen netback implementation contains a couple of flaws which can allow a guest to cause a DoS in the backend domain, potentially affecting other domains in the system. CVE-2013-0216 is a failure to sanity check the ring producer/consumer pointers which can allow a guest to cause netback to loop for an extended period preventing other work from occurring. CVE-2013-0217 is a memory leak on an

--- drivers/net/xen-netback/common.h | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/xen-netback/common.h b/drivers/net/xen-netback/common.h index 477e5ab..f3d95b3 100644 --- a/drivers/net/xen-netback/common.h +++ b/drivers/net/xen-netback/common.h @@ -60,9 +60,9 @@ struct xenvif_rx_meta { #define MAX_BUFFER_OFFSET PAGE_SIZE #define

Jason, is there any reason why the same isn''t needed in netfront? Thanks, Jan