From: Paolo Abeni <pabeni@redhat.com>
To: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
Cc: Network Development <netdev@vger.kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>,
Steffen Klassert <steffen.klassert@secunet.com>,
Alexander Lobakin <alobakin@pm.me>
Subject: Re: [PATCH net-next 1/8] udp: fixup csum for GSO receive slow path
Date: Mon, 22 Mar 2021 17:34:05 +0100 [thread overview]
Message-ID: <43f56578c91f8abd8e3d1e8c73be1c4d5162089f.camel@redhat.com> (raw)
In-Reply-To: <CA+FuTScSPJAh+6XnwnP32W+OmEzCVi8aKundnt2dJNzoKgUthg@mail.gmail.com>
On Mon, 2021-03-22 at 09:18 -0400, Willem de Bruijn wrote:
> On Sun, Mar 21, 2021 at 1:01 PM Paolo Abeni <pabeni@redhat.com> wrote:
> > When looping back UDP GSO over UDP tunnel packets to an UDP socket,
> > the individual packet csum is currently set to CSUM_NONE. That causes
> > unexpected/wrong csum validation errors later in the UDP receive path.
> >
> > We could possibly addressing the issue with some additional check and
> > csum mangling in the UDP tunnel code. Since the issue affects only
> > this UDP receive slow path, let's set a suitable csum status there.
> >
> > Signed-off-by: Paolo Abeni <pabeni@redhat.com>
> > ---
> > include/net/udp.h | 18 ++++++++++++++++++
> > net/ipv4/udp.c | 10 ++++++++++
> > net/ipv6/udp.c | 5 +++++
> > 3 files changed, 33 insertions(+)
> >
> > diff --git a/include/net/udp.h b/include/net/udp.h
> > index d4d064c592328..007683eb3e113 100644
> > --- a/include/net/udp.h
> > +++ b/include/net/udp.h
> > @@ -515,6 +515,24 @@ static inline struct sk_buff *udp_rcv_segment(struct sock *sk,
> > return segs;
> > }
> >
> > +static inline void udp_post_segment_fix_csum(struct sk_buff *skb, int level)
> > +{
> > + /* UDP-lite can't land here - no GRO */
> > + WARN_ON_ONCE(UDP_SKB_CB(skb)->partial_cov);
> > +
> > + /* GRO already validated the csum up to 'level', and we just
> > + * consumed one header, update the skb accordingly
> > + */
> > + UDP_SKB_CB(skb)->cscov = skb->len;
> > + if (level) {
> > + skb->ip_summed = CHECKSUM_UNNECESSARY;
> > + skb->csum_level = 0;
> > + } else {
> > + skb->ip_summed = CHECKSUM_NONE;
> > + skb->csum_valid = 1;
> > + }
>
> why does this function also update these fields for non-tunneled
> packets? the commit only describes an issue with tunneled packets.
>
> > +}
> > +
> > #ifdef CONFIG_BPF_SYSCALL
> > struct sk_psock;
> > struct proto *udp_bpf_get_proto(struct sock *sk, struct sk_psock *psock);
> > diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
> > index 4a0478b17243a..ff54135c51ffa 100644
> > --- a/net/ipv4/udp.c
> > +++ b/net/ipv4/udp.c
> > @@ -2168,6 +2168,7 @@ static int udp_queue_rcv_one_skb(struct sock *sk, struct sk_buff *skb)
> > static int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
> > {
> > struct sk_buff *next, *segs;
> > + int csum_level;
> > int ret;
> >
> > if (likely(!udp_unexpected_gso(sk, skb)))
> > @@ -2175,9 +2176,18 @@ static int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
> >
> > BUILD_BUG_ON(sizeof(struct udp_skb_cb) > SKB_GSO_CB_OFFSET);
> > __skb_push(skb, -skb_mac_offset(skb));
> > + csum_level = !!(skb_shinfo(skb)->gso_type &
> > + (SKB_GSO_UDP_TUNNEL | SKB_GSO_UDP_TUNNEL_CSUM));
> > segs = udp_rcv_segment(sk, skb, true);
> > skb_list_walk_safe(segs, skb, next) {
> > __skb_pull(skb, skb_transport_offset(skb));
> > +
> > + /* UDP GSO packets looped back after adding UDP encap land here with CHECKSUM none,
> > + * instead of adding another check in the tunnel fastpath, we can force valid
> > + * csums here (packets are locally generated).
> > + * Additionally fixup the UDP CB
> > + */
> > + udp_post_segment_fix_csum(skb, csum_level);
>
> How does this code differentiates locally generated packets with udp
> tunnel headers from packets arriving from the wire, for which the
> inner checksum may be incorrect?
First thing first, thank you for the detailed review. Digesting all the
comments will take time, so please excuse for some latency.
I'll try to reply to both your question here because the replies are
related.
My understanding is that UDP GRO, when processing UDP over UDP traffic
with the appropriate features bit set, will validate the checksum for
both the inner and the outer header - udp{4,6}_gro_receive will be
traversed twice, the fist one for the outer header, the 2nd for the
inner.
So when we reach here, the inner header csum could not be incorrect,
and I don't do anything to differentiate locally generated GSO packets
and GROed one to keep the code simpler.
The udp_post_segment_fix_csum() always set the csum info - even for non
tunneled packets to avoid additional branches/make the code more
complex. The csum should be valid in any scenario.
I guess I can mention the above either in a code comment and/or in the
commit message.
Cheers,
Paolo
next prev parent reply other threads:[~2021-03-22 16:35 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-21 17:01 [PATCH net-next 0/8] udp: GRO L4 improvements Paolo Abeni
2021-03-21 17:01 ` [PATCH net-next 1/8] udp: fixup csum for GSO receive slow path Paolo Abeni
2021-03-22 13:18 ` Willem de Bruijn
2021-03-22 16:34 ` Paolo Abeni [this message]
2021-03-24 1:45 ` Willem de Bruijn
2021-03-24 1:49 ` Willem de Bruijn
2021-03-24 14:37 ` Paolo Abeni
2021-03-24 22:36 ` Willem de Bruijn
2021-03-25 10:56 ` Paolo Abeni
2021-03-25 13:53 ` Willem de Bruijn
2021-03-25 16:47 ` Paolo Abeni
2021-03-21 17:01 ` [PATCH net-next 2/8] udp: skip fwd/list GRO for tunnel packets Paolo Abeni
2021-03-22 13:24 ` Willem de Bruijn
2021-03-22 16:41 ` Paolo Abeni
2021-03-24 1:54 ` Willem de Bruijn
2021-03-24 14:50 ` ! Paolo Abeni
2021-03-24 22:45 ` ! Willem de Bruijn
2021-03-21 17:01 ` [PATCH net-next 3/8] udp: properly complete L4 GRO over UDP tunnel packet Paolo Abeni
2021-03-22 13:30 ` Willem de Bruijn
2021-03-22 16:59 ` Paolo Abeni
2021-03-24 2:13 ` Willem de Bruijn
2021-03-21 17:01 ` [PATCH net-next 4/8] udp: never accept GSO_FRAGLIST packets Paolo Abeni
2021-03-22 13:42 ` Willem de Bruijn
2021-03-22 17:09 ` Paolo Abeni
2021-03-24 2:21 ` Willem de Bruijn
2021-03-24 18:59 ` Paolo Abeni
2021-03-24 22:12 ` Willem de Bruijn
2021-03-25 11:50 ` Paolo Abeni
2021-03-21 17:01 ` [PATCH net-next 5/8] vxlan: allow L4 GRO passthrou Paolo Abeni
2021-03-21 17:01 ` [PATCH net-next 6/8] geneve: allow UDP " Paolo Abeni
2021-03-21 17:01 ` [PATCH net-next 7/8] bareudp: " Paolo Abeni
2021-03-21 17:01 ` [PATCH net-next 8/8] selftests: net: add UDP GRO forwarding self-tests Paolo Abeni
2021-03-22 13:44 ` Willem de Bruijn
2021-03-22 17:18 ` Paolo Abeni
2021-03-23 17:12 ` Paolo Abeni
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43f56578c91f8abd8e3d1e8c73be1c4d5162089f.camel@redhat.com \
--to=pabeni@redhat.com \
--cc=alobakin@pm.me \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
--cc=willemdebruijn.kernel@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).