From: Eric Dumazet <edumazet@google.com>
To: Cong Wang <xiyou.wangcong@gmail.com>
Cc: netdev <netdev@vger.kernel.org>, Saeed Mahameed <saeedm@mellanox.com>
Subject: Re: [Patch net v2] mlx5: fixup checksum for short ethernet frame padding
Date: Wed, 28 Nov 2018 07:00:46 -0800 [thread overview]
Message-ID: <CANn89iL4KM+VpE2ziHvppXZWhGUz-uuaMYTQPMkfxQooc4OpDw@mail.gmail.com> (raw)
In-Reply-To: <20181128061013.3885-1-xiyou.wangcong@gmail.com>
On Tue, Nov 27, 2018 at 10:10 PM Cong Wang <xiyou.wangcong@gmail.com> wrote:
>
> When an ethernet frame is padded to meet the minimum ethernet frame
> size, the padding octets are not covered by the hardware checksum.
> Fortunately the padding octets are ususally zero's, which don't affect
> checksum. However, we have a switch which pads non-zero octets, this
> causes kernel hardware checksum fault repeatedly.
>
> Prior to commit 88078d98d1bb ("net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends"),
> skb checksum is forced to be CHECKSUM_NONE when padding is detected.
> After it, we need to keep skb->csum updated, like what we do for FCS.
>
> The logic is a bit complicated when dealing with both FCS and padding,
> so I wrap it up in a helper function mlx5e_csum_padding().
>
> I tested this patch with RXFCS on and off, it works fine without any
> warning in both cases.
>
> Fixes: 88078d98d1bb ("net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends"),
> Cc: Saeed Mahameed <saeedm@mellanox.com>
> Cc: Eric Dumazet <edumazet@google.com>
> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
> ---
> .../net/ethernet/mellanox/mlx5/core/en_rx.c | 39 +++++++++++++++++++
> 1 file changed, 39 insertions(+)
>
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_rx.c b/drivers/net/ethernet/mellanox/mlx5/core/en_rx.c
> index 16985ca3248d..9b6bd2b51556 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/en_rx.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_rx.c
> @@ -732,6 +732,37 @@ static u8 get_ip_proto(struct sk_buff *skb, __be16 proto)
> ((struct ipv6hdr *)ip_p)->nexthdr;
> }
>
> +static void mlx5e_csum_padding(struct sk_buff *skb, int network_depth,
> + __be16 proto, bool has_fcs)
> +{
> + u32 frame_len = has_fcs ? skb->len - ETH_FCS_LEN : skb->len;
> + u32 pad_offset, pad_len;
> + void *pad, *ip_p;
> +
> + /* We only handle short frames here, and we know they are linear. */
> + if (likely(frame_len > ETH_ZLEN))
> + return;
> +
> + ip_p = skb->data + network_depth;
> + if (proto == htons(ETH_P_IP)) {
> + struct iphdr *ipv4 = ip_p;
> +
> + pad_offset = network_depth + be16_to_cpu(ipv4->tot_len);
> + } else { /* Either IPv4 or IPv6 here. */
> + struct ipv6hdr *ipv6 = ip_p;
> +
> + pad_offset = network_depth + sizeof(struct ipv6hdr) +
> + be16_to_cpu(ipv6->payload_len);
> + }
> + pad_len = frame_len - pad_offset;
> + if (pad_len == 0)
> + return;
Nice packet of death alert.
pad_len can be 0xFFFFFF67 here, if frame_len is smaller than pad_offset.
Really I suggest you set ip_summed to CHECKSUM_NONE, then remove the
initial test ( if (likely(frame_len > ETH_ZLEN)) ...)
Until the firmware is fixed.
Otherwise frames with a wrong checksum and some non zero padding could
potentially
be seen as correct frames. (Probability of 1/65536)
Do not focus on your immediate problem (small packets being padded by
a non malicious entity)
> +
> + pad = skb->data + pad_offset;
> + skb->csum = csum_block_add(skb->csum, csum_partial(pad, pad_len, 0),
> + pad_offset);
> +}
> +
> static inline void mlx5e_handle_csum(struct net_device *netdev,
> struct mlx5_cqe64 *cqe,
> struct mlx5e_rq *rq,
> @@ -772,6 +803,14 @@ static inline void mlx5e_handle_csum(struct net_device *netdev,
> skb->csum = csum_block_add(skb->csum,
> (__force __wsum)mlx5e_get_fcs(skb),
> skb->len - ETH_FCS_LEN);
> +
> + /* CQE csum doesn't cover padding octets in short ethernet
> + * frames. And the pad field is appended prior to calculating
> + * and appending the FCS field.
> + */
> + mlx5e_csum_padding(skb, network_depth, proto,
> + !!(netdev->features & NETIF_F_RXFCS));
> +
> stats->csum_complete++;
> return;
> }
> --
> 2.19.1
>
next prev parent reply other threads:[~2018-11-29 2:02 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-28 6:10 [Patch net v2] mlx5: fixup checksum for short ethernet frame padding Cong Wang
2018-11-28 15:00 ` Eric Dumazet [this message]
2018-11-28 22:16 ` Cong Wang
2018-11-28 23:50 ` Eric Dumazet
2018-11-28 23:57 ` Cong Wang
2018-11-29 0:05 ` Cong Wang
2018-11-29 0:14 ` Eric Dumazet
2018-11-30 0:03 ` Saeed Mahameed
2018-11-29 0:07 ` Eric Dumazet
2018-11-29 3:40 ` Cong Wang
2018-11-29 3:49 ` Eric Dumazet
2018-11-29 3:53 ` Cong Wang
2018-11-29 4:09 ` Eric Dumazet
2018-11-30 0:30 ` Saeed Mahameed
2018-12-03 23:17 ` David Miller
2018-12-03 23:45 ` Cong Wang
2018-12-04 19:21 ` Saeed Mahameed
2018-12-04 20:50 ` Cong Wang
2018-12-05 1:06 ` Saeed Mahameed
2018-12-05 2:15 ` Cong Wang
2018-12-13 8:40 ` Nikola Ciprich
2018-12-13 17:08 ` Saeed Mahameed
2018-12-14 9:33 ` Nikola Ciprich
2019-01-05 18:35 ` Nikola Ciprich
2019-01-06 11:10 ` Saeed Mahameed
2019-01-18 1:19 ` Christoph Paasch
2019-01-19 0:45 ` Saeed Mahameed
2019-01-22 11:35 ` David Laight
2018-12-05 2:52 ` Cong Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CANn89iL4KM+VpE2ziHvppXZWhGUz-uuaMYTQPMkfxQooc4OpDw@mail.gmail.com \
--to=edumazet@google.com \
--cc=netdev@vger.kernel.org \
--cc=saeedm@mellanox.com \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.