lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 30 Jan 2022 01:42:15 -0300
From:   Luiz Angelo Daros de Luca <luizluca@...il.com>
To:     Frank Wunderlich <frank-w@...lic-files.de>
Cc:     Alvin Šipraga <ALSI@...g-olufsen.dk>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "linus.walleij@...aro.org" <linus.walleij@...aro.org>,
        "andrew@...n.ch" <andrew@...n.ch>,
        "vivien.didelot@...il.com" <vivien.didelot@...il.com>,
        "f.fainelli@...il.com" <f.fainelli@...il.com>,
        "olteanv@...il.com" <olteanv@...il.com>,
        "arinc.unal@...nc9.com" <arinc.unal@...nc9.com>
Subject: Re: Re: Re: Re: [PATCH net-next v4 11/11] net: dsa: realtek:
 rtl8365mb: multiple cpu ports, non cpu extint

> > I suggested it might be checksum problem because I'm also affected. In
> > my case, I have an mt7620a SoC connected to the rtl8367s switch. The
> > OS offloads checksum to HW but the mt7620a cannot calculate the
> > checksum with the (EtherType) Realtek CPU Tag in place. I'll try to
> > move the CPU tag to test if the mt7620a will then digest the frame
> > correctly.
>
> I implemented a new DSA tag (rtl8_4t, with "t" as in trailing) that
> puts the DSA tag before the Ethernet CRC (the switch supports both).
> With no tag in the mac layer, mediatek correctly calculated the ip
> checksum. However, mediatek SoC included the extra bytes from the DSA
> tag in the TCP checksum, even if they are after the ip length.
>
> This is the packet leaving the OS:
>
> 0000   04 0e 3c fc 4f aa 50 d4 f7 33 15 8a 08 00 45 10
> 0010   00 3c 00 00 40 00 40 06 b7 58 c0 a8 01 01 c0 a8
> 0020   01 02 00 16 a1 50 80 da 39 e9 b2 2a 23 cf a0 12
> 0030   fe 88 83 82 00 00 02 04 05 b4 04 02 08 0a 01 64
> 0040   fb 28 66 42 e0 79 01 03 03 03 88 99 04 00 00 20
> 0050   00 08
>
> TCP checksum is at 0x0032 with 0x8382 is the tcp checksum
> DSA Tag is at 0x4a with 8899040000200008
>
> This is what arrived at the other end:
>
> 0000   04 0e 3c fc 4f aa 50 d4 f7 33 15 8a 08 00 45 10
> 0010   00 3c 00 00 40 00 40 06 b7 58 c0 a8 01 01 c0 a8
> 0020   01 02 00 16 a1 50 80 da 39 e9 b2 2a 23 cf a0 12
> 0030   fe 88 c3 e8 00 00 02 04 05 b4 04 02 08 0a 01 64
> 0040   fb 28 66 42 e0 79 01 03 03 03
>
> TCP checksum is 0xc3e8, but the correct one should be 0x50aa
> If you calculate tcp checksum including 8899040000200008, you'll get exactly
> 0xc3e8 (I did the math).
>
> So, If we use a trailing DSA tag, we can leave the IP checksum offloading on
> and just turn off the TCP checksum offload. Is it worth it?

No, IP checksum is always done in SW.

> Is it still interesting to have the rtl8_4t merged?

Maybe it is. It has uncovered a problem. The case of trailing tags
seems to be unsolvable even with csum_start. AFAIK, the driver must
cksum from "skb->csum_start up to the end". When the switch is using
an incompatible tag, we have:

slave(): my features copied from master tells me I can offload
checksum. Do nothing
tagger(): add tag to the end of skb
master(): Offloading HW, chksum from csum_start until the end,
including the added tag
switch(): remove the tag, forward to the network
remove_client(): I got a packet with a broken checksum.

ndo_features_check() will not help because, either in HW or SW, it is
expected to calculate the checksum up to the end. However, there is no
csum_end or csum_len. I don't know if HW offloading will support some
kind of csum_end but it would not be a problem in SW (considering
skb_checksum_help() is adapted to something like skb_checksum_trimmed
without the clone).

That amount of bytes to ignore at the end is a complex question: the
driver either needs some hint (like it happens with skb->csum_offset)
to know where transport payload ends or the taggers (or the dsa) must
save the amount of extra bytes (or which tags were added) in the
sbk_buff. With that info, the driver can check if HW will work with a
different csum_start / csum_end or if only a supported tag is in use.

In my case, using an incompatible tailing tag, I just made it work
hacking dsa and forcing slave interfaces to disable offloading. This
way, checksum is calculated before any tag is added and offloading is
skipped. But it is not a real solution.

Regards,

Luiz,

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ