From: Stefan Hajnoczi <stefanha@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-devel@nongnu.org, Jason Wang <jasowang@redhat.com>
Subject: Re: [PATCH for-7.2 v3 3/3] rtl8139: honor large send MSS value
Date: Thu, 13 Apr 2023 13:24:25 -0400
Message-ID: <20230413172425.GB2864043@fedora>
In-Reply-To: <CAFEAcA_hkABS_ydCOiDxvZh71s916o0y2Gm5rht-FPDjzVbpLA@mail.gmail.com>

On Thu, Apr 13, 2023 at 04:38:52PM +0100, Peter Maydell wrote:
> On Thu, 17 Nov 2022 at 16:58, Stefan Hajnoczi <stefanha@redhat.com> wrote:
> >
> > The Large-Send Task Offload Tx Descriptor (9.2.1 Transmit) has a
> > Large-Send MSS value where the driver specifies the MSS. See the
> > datasheet here:
> > http://realtek.info/pdf/rtl8139cp.pdf
> >
> > The code ignores this value and uses a hardcoded MSS of 1500 bytes
> > instead. When the MTU is less than 1500 bytes the hardcoded value
> > results in IP fragmentation and poor performance.
> >
> > Use the Large-Send MSS value to correctly size Large-Send packets.
> >
> > Jason Wang <jasowang@redhat.com> noticed that the Large-Send MSS value
> > mask was incorrect so it is adjusted to match the datasheet and Linux
> > 8139cp driver.
> 
> Hi Stefan -- in v2 of this patch
> 
> https://lore.kernel.org/qemu-devel/20221116154122.1705399-1-stefanha@redhat.com/
> 
> there was a check for "is the specified large_send_mss value
> too small?":
> 
> +                /* MSS too small? */
> +                if (tcp_hlen + hlen >= large_send_mss) {
> +                    goto skip_offload;
> +                }
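
Review bot: the comment on the `tcp_hlen + hlen >= large_send_mss` test says only "MSS too small?" and does not record that this comparison is also what keeps a zero large_send_mss away from the later division. Provided both header lengths are non-negative the test is true for 0, so either say so in the comment or add an explicit large_send_mss == 0 check, so the guard is not later dropped as redundant.
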
> 
> but it isn't present in this final version of the patch which
> went into git. Was that deliberately dropped?
> 
> I ask because the fuzzers have discovered that if you feed this
> device a descriptor where the large_send_mss value is 0, then
> we will now do a division by zero and crash:
> https://gitlab.com/qemu-project/qemu/-/issues/1582
> 
> (The datasheet, naturally, says nothing at all about what
> happens if the descriptor contains a bogus MSS value.)

Yes, I dropped that deliberately and forgot to add a large_send_mss == 0
check. Sorry!

I have sent a patch:
https://patchew.org/QEMU/20230413171946.2865726-1-stefanha@redhat.com/

Thanks,
Stefan
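
An added example, not part of the original message and not QEMU's code: a validator for a guest-supplied large-send MSS that applies the v2-style "MSS too small?" comparison before the value is used as a divisor. The struct, function and parameter names are hypothetical, and the sketch assumes the MSS counts IP header, TCP header and payload bytes.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical plan for splitting one large-send buffer; not a QEMU type. */
struct lso_plan {
    uint32_t chunk;     /* TCP payload bytes carried by each full segment */
    uint32_t segments;  /* number of segments to emit */
    uint32_t last;      /* payload bytes in the final segment */
};

/*
 * Validate a guest-supplied MSS before it is used as a divisor.
 * Assumption of this sketch: the MSS covers IP header + TCP header +
 * payload, so the per-segment payload is mss - ip_hlen - tcp_hlen.
 * Returns false when the caller should skip offload.
 */
bool lso_plan_segments(uint32_t mss, uint32_t ip_hlen, uint32_t tcp_hlen,
                       uint32_t payload_len, struct lso_plan *plan)
{
    /* Widen before adding so oversized header lengths cannot wrap. */
    uint64_t hdrs = (uint64_t)ip_hlen + tcp_hlen;

    /* "MSS too small?": also true for mss == 0, so chunk is never 0. */
    if (hdrs >= mss) {
        return false;
    }
    if (payload_len == 0) {
        return false;   /* nothing to segment */
    }

    plan->chunk = mss - (uint32_t)hdrs;
    /* Ceiling division that cannot overflow; chunk >= 1 at this point. */
    plan->segments = (payload_len - 1) / plan->chunk + 1;
    plan->last = payload_len - (plan->segments - 1) * plan->chunk;
    return true;
}
```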