| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 4 Jul 2017 20:20:00 +0800
From: Jason Wang <jasowang@...hat.com>
To: "Michael S. Tsirkin" <mst@...hat.com>
Cc: virtualization@...ts.linux-foundation.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH net] virtio-net: unbreak cusmed packet for small buffer
XDP
On 2017年07月04日 01:03, Michael S. Tsirkin wrote:
> On Wed, Jun 28, 2017 at 08:05:06PM +0800, Jason Wang wrote:
>>
>> On 2017年06月28日 12:01, Michael S. Tsirkin wrote:
>>> On Wed, Jun 28, 2017 at 11:40:30AM +0800, Jason Wang wrote:
>>>> On 2017年06月28日 11:31, Michael S. Tsirkin wrote:
>>>>> On Wed, Jun 28, 2017 at 10:45:18AM +0800, Jason Wang wrote:
>>>>>> On 2017年06月28日 10:17, Michael S. Tsirkin wrote:
>>>>>>> On Wed, Jun 28, 2017 at 10:14:34AM +0800, Jason Wang wrote:
>>>>>>>> On 2017年06月28日 10:02, Michael S. Tsirkin wrote:
>>>>>>>>> On Wed, Jun 28, 2017 at 09:54:03AM +0800, Jason Wang wrote:
>>>>>>>>>> We should allow csumed packet for small buffer, otherwise XDP_PASS
>>>>>>>>>> won't work correctly.
>>>>>>>>>>
>>>>>>>>>> Fixes commit bb91accf2733 ("virtio-net: XDP support for small buffers")
>>>>>>>>>> Signed-off-by: Jason Wang<jasowang@...hat.com>
>>>>>>>>> The issue would be VIRTIO_NET_HDR_F_DATA_VALID might be set.
>>>>>>>>> What do you think?
>>>>>>>> I think it's safe. For XDP_PASS, it work like in the past.
>>>>>>> That's the part I don't get. With DATA_VALID csum in packet is wrong, XDP
>>>>>>> tools assume it's value.
>>>>>> DATA_VALID is CHECKSUM_UNCESSARY on the host, and according to the comment
>>>>>> in skbuff.h
>>>>>>
>>>>>>
>>>>>> "
>>>>>> * The hardware you're dealing with doesn't calculate the full checksum
>>>>>> * (as in CHECKSUM_COMPLETE), but it does parse headers and verify
>>>>>> checksums
>>>>>> * for specific protocols. For such packets it will set
>>>>>> CHECKSUM_UNNECESSARY
>>>>>> * if their checksums are okay. skb->csum is still undefined in this case
>>>>>> * though. A driver or device must never modify the checksum field in the
>>>>>> * packet even if checksum is verified.
>>>>>> "
>>>>>>
>>>>>> The csum is correct I believe?
>>>>>>
>>>>>> Thanks
>>>>> That's on input. But I think for tun it's output, where that is equivalent
>>>>> to CHECKSUM_NONE
>>>>>
>>>>>
>>>> Yes, but the comment said:
>>>>
>>>> "
>>>> CKSUM_NONE:
>>>> *
>>>> * The skb was already checksummed by the protocol, or a checksum is not
>>>> * required.
>>>> *
>>>> * CHECKSUM_UNNECESSARY:
>>>> *
>>>> * This has the same meaning on as CHECKSUM_NONE for checksum offload on
>>>> * output.
>>>> *
>>>> "
>>>>
>>>> So still correct I think?
>>>>
>>>> Thanks
>>> Hmm maybe I mean NEEDS_CHECKSUM actually.
>>>
>>> I'll need to re-read the spec.
>>>
>> Not sure this is an issue. But if it is, we can probably checksum the packet
>> before passing it to XDP. But it would be a little slow.
>>
>> Thanks
>
>
> Right. I confused DATA_VALID with NEEDS_CHECKSUM.
>
> IIUC XDP generally refuses to attach if checksum offload
> is enabled.
Any reason to do this? (Looks like I don't see any code for this)
>
> Could you pls explain how to reproduce the issue you are seeing?
>
Using small buffer, all csumed packets will be dropped.
Thanks
Powered by blists - more mailing lists