From a1555559ab5bad24fcd1c56fd39284afad8f5af7 Mon Sep 17 00:00:00 2001
From: Isaac Lozano <109lozanoi@gmail.com>
Date: Fri, 25 Mar 2016 03:42:15 -0700
Subject: [PATCH 1/5] util: Improved qemu_hexmap() to include an ascii dump of
 the buffer

qemu_hexdump() in util/hexdump.c has been changed to give also include a
ascii dump of the buffer. Also, calls to hex_dump() in net/net.c have
been replaced with calls to qemu_hexdump(). This takes care of two misc
BiteSized Tasks.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Isaac Lozano <109lozanoi@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 net/net.c      | 30 +-----------------------------
 util/hexdump.c | 33 ++++++++++++++++++++++-----------
 2 files changed, 23 insertions(+), 40 deletions(-)

diff --git a/net/net.c b/net/net.c
index 594c3b8b5d..0bc42a1e5b 100644
--- a/net/net.c
+++ b/net/net.c
@@ -81,34 +81,6 @@ int default_net = 1;
 /***********************************************************/
 /* network device redirectors */
 
-#if defined(DEBUG_NET)
-static void hex_dump(FILE *f, const uint8_t *buf, int size)
-{
-    int len, i, j, c;
-
-    for(i=0;i<size;i+=16) {
-        len = size - i;
-        if (len > 16)
-            len = 16;
-        fprintf(f, "%08x ", i);
-        for(j=0;j<16;j++) {
-            if (j < len)
-                fprintf(f, " %02x", buf[i+j]);
-            else
-                fprintf(f, "   ");
-        }
-        fprintf(f, " ");
-        for(j=0;j<len;j++) {
-            c = buf[i+j];
-            if (c < ' ' || c > '~')
-                c = '.';
-            fprintf(f, "%c", c);
-        }
-        fprintf(f, "\n");
-    }
-}
-#endif
-
 static int get_str_sep(char *buf, int buf_size, const char **pp, int sep)
 {
     const char *p, *p1;
@@ -664,7 +636,7 @@ static ssize_t qemu_send_packet_async_with_flags(NetClientState *sender,
 
 #ifdef DEBUG_NET
     printf("qemu_send_packet_async:\n");
-    hex_dump(stdout, buf, size);
+    qemu_hexdump((const char *)buf, stdout, "net", size);
 #endif
 
     if (sender->link_down || !sender->peer) {
diff --git a/util/hexdump.c b/util/hexdump.c
index 1d9c12967b..f879ff0ad6 100644
--- a/util/hexdump.c
+++ b/util/hexdump.c
@@ -18,21 +18,32 @@
 
 void qemu_hexdump(const char *buf, FILE *fp, const char *prefix, size_t size)
 {
-    unsigned int b;
+    unsigned int b, len, i, c;
 
-    for (b = 0; b < size; b++) {
-        if ((b % 16) == 0) {
-            fprintf(fp, "%s: %04x:", prefix, b);
+    for (b = 0; b < size; b += 16) {
+        len = size - b;
+        if (len > 16) {
+            len = 16;
         }
-        if ((b % 4) == 0) {
-            fprintf(fp, " ");
+        fprintf(fp, "%s: %04x:", prefix, b);
+        for (i = 0; i < 16; i++) {
+            if ((i % 4) == 0) {
+                fprintf(fp, " ");
+            }
+            if (i < len) {
+                fprintf(fp, " %02x", (unsigned char)buf[b + i]);
+            } else {
+                fprintf(fp, "   ");
+            }
         }
-        fprintf(fp, " %02x", (unsigned char)buf[b]);
-        if ((b % 16) == 15) {
-            fprintf(fp, "\n");
+        fprintf(fp, " ");
+        for (i = 0; i < len; i++) {
+            c = buf[b + i];
+            if (c < ' ' || c > '~') {
+                c = '.';
+            }
+            fprintf(fp, "%c", c);
         }
-    }
-    if ((b % 16) != 0) {
         fprintf(fp, "\n");
     }
 }

From 74044c8ffc10c2cfd76f80c785c3f6a6f101a662 Mon Sep 17 00:00:00 2001
From: Pooja Dhannawat <dhannawatpooja1@gmail.com>
Date: Mon, 28 Mar 2016 18:04:11 +0530
Subject: [PATCH 2/5] net: Allocating Large sized arrays to heap

nc_sendv_compat has a huge stack usage of 69680 bytes approx.
Moving large arrays to heap to reduce stack usage.

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Pooja Dhannawat <dhannawatpooja1@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 net/net.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/net/net.c b/net/net.c
index 0bc42a1e5b..f8b1e00f37 100644
--- a/net/net.c
+++ b/net/net.c
@@ -683,23 +683,28 @@ ssize_t qemu_send_packet_raw(NetClientState *nc, const uint8_t *buf, int size)
 static ssize_t nc_sendv_compat(NetClientState *nc, const struct iovec *iov,
                                int iovcnt, unsigned flags)
 {
-    uint8_t buf[NET_BUFSIZE];
+    uint8_t *buf = NULL;
     uint8_t *buffer;
     size_t offset;
+    ssize_t ret;
 
     if (iovcnt == 1) {
         buffer = iov[0].iov_base;
         offset = iov[0].iov_len;
     } else {
+        buf = g_new(uint8_t, NET_BUFSIZE);
         buffer = buf;
-        offset = iov_to_buf(iov, iovcnt, 0, buf, sizeof(buf));
+        offset = iov_to_buf(iov, iovcnt, 0, buf, NET_BUFSIZE);
     }
 
     if (flags & QEMU_NET_PACKET_FLAG_RAW && nc->info->receive_raw) {
-        return nc->info->receive_raw(nc, buffer, offset);
+        ret = nc->info->receive_raw(nc, buffer, offset);
     } else {
-        return nc->info->receive(nc, buffer, offset);
+        ret = nc->info->receive(nc, buffer, offset);
     }
+
+    g_free(buf);
+    return ret;
 }
 
 ssize_t qemu_deliver_packet_iov(NetClientState *sender,

From 044d65525f6ac2093042ae18dbf8c1300b5c1c18 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Thu, 31 Mar 2016 16:28:56 +0200
Subject: [PATCH 3/5] net: fix OptsVisitor memory leak

Fixes 96a1616("qapi-dealloc: Reduce use outside of generated code")
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 net/net.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/net.c b/net/net.c
index f8b1e00f37..0ad6217cb9 100644
--- a/net/net.c
+++ b/net/net.c
@@ -1077,6 +1077,7 @@ int net_client_init(QemuOpts *opts, int is_netdev, Error **errp)
     }
 
     error_propagate(errp, err);
+    opts_visitor_cleanup(ov);
     return ret;
 }
 

From 91731d5f6d85ca33e7c151e8feac3d5cfafec4d4 Mon Sep 17 00:00:00 2001
From: Jason Wang <jasowang@redhat.com>
Date: Mon, 9 Nov 2015 14:45:17 +0800
Subject: [PATCH 4/5] rtl8139: using CP_TX_OWN for ownership transferring
 during tx

Through CP_TX_OWN and CP_RX_OWN points to the same bit, we'd better use
CP_TX_OWN for tx descriptor handling.

Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 hw/net/rtl8139.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
index fee97bf607..1e5ec149fa 100644
--- a/hw/net/rtl8139.c
+++ b/hw/net/rtl8139.c
@@ -2046,7 +2046,7 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
     }
 
     /* transfer ownership to target */
-    txdw0 &= ~CP_RX_OWN;
+    txdw0 &= ~CP_TX_OWN;
 
     /* reset error indicator bits */
     txdw0 &= ~CP_TX_STATUS_UNF;

From e0a039e50d481dce6b4ee45a29002538a258cd89 Mon Sep 17 00:00:00 2001
From: zhanghailiang <zhang.zhanghailiang@huawei.com>
Date: Tue, 5 Apr 2016 11:43:55 +0800
Subject: [PATCH 5/5] filter-buffer: fix segfault when starting qemu with
 status=off property

After commit 338d3f, we support 'status' property for filter object.
The segfault can be triggered by starting qemu with 'status=off' property
for filter, when the s->incoming_queue is NULL, we reference it directly
in qemu_net_queue_flush() which was called in status_changed() callback
function.

We shouldn't trigger status_changed() before the filter was initialized,
We can check the value of 'nf->netdev' to confirm if the filter is
initialized or not, so let's check its value before calling
status_changed().

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 net/filter.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/filter.c b/net/filter.c
index 1c4fc5a2c7..8ac79f3b7b 100644
--- a/net/filter.c
+++ b/net/filter.c
@@ -164,7 +164,7 @@ static void netfilter_set_status(Object *obj, const char *str, Error **errp)
         return;
     }
     nf->on = !nf->on;
-    if (nfc->status_changed) {
+    if (nf->netdev && nfc->status_changed) {
         nfc->status_changed(nf, errp);
     }
 }