From: <Claudiu.Beznea@microchip.com>
To: <Tristram.Ha@microchip.com>
Cc: <UNGLinuxDriver@microchip.com>, <netdev@vger.kernel.org>,
<davem@davemloft.net>, <Nicolas.Ferre@microchip.com>
Subject: Re: [PATCH net] net: ethernet: cadence: fix socket buffer corruption problem
Date: Tue, 30 Oct 2018 13:23:46 +0000 [thread overview]
Message-ID: <eceb7dd3-c7bc-fa78-26dc-1da2e4a8cf4e@microchip.com> (raw)
In-Reply-To: <93AF473E2DA327428DE3D46B72B1E9FD411D076B@CHN-SV-EXMX02.mchp-main.com>
On 29.10.2018 23:40, Tristram Ha - C24268 wrote:
>> Could you, please, tell me if the above variable was false in your case?
>>
>> bool cloned = skb_cloned(*skb) || skb_header_cloned(*skb);
>>
>> If yes, then, the proper fix would be as follows:
>>
>> diff --git a/drivers/net/ethernet/cadence/macb_main.c
>> b/drivers/net/ethernet/cadence/macb_main.c
>> index 8f5bf9166c11..492a8e1a34cd 100644
>> --- a/drivers/net/ethernet/cadence/macb_main.c
>> +++ b/drivers/net/ethernet/cadence/macb_main.c
>> @@ -1690,7 +1690,7 @@ static int macb_pad_and_fcs(struct sk_buff **skb,
>> struct net_device *ndev)
>> padlen += ETH_FCS_LEN;
>> }
>>
>> - if (!cloned && headroom + tailroom >= padlen) {
>> + if (!cloned && headroom + tailroom >= ETH_FCS_LEN) {
>> (*skb)->data = memmove((*skb)->head, (*skb)->data, (*skb)->len);
>> skb_set_tail_pointer(*skb, (*skb)->len);
>> } else {
>>
>> Could you please check if it works in your case (and without your patch)?
>>
>
> Actually doing that reveals another bug:
>
> if (padlen) {
> if (padlen >= ETH_FCS_LEN)
> skb_put_zero(*skb, padlen - ETH_FCS_LEN);
> else
> skb_trim(*skb, ETH_FCS_LEN - padlen);
> }
>
> My fix calls skb_put_zero with zero length. Your change calls skb_trim which
> actually sets the socket buffer length to 1!
>
> When this problem happens headroom is 2, tailroom is 1, skb->len is 61, and
> padlen is 3.
>
Ok, I see now. Looking again, your fix is good. But, as you said, there is
the skb_trim() in this function that is wrong from the beginning (my bad).
I propose to remove it since, with your fix is not even reached anymore.
Could you check on your side that applying this on top of your patch, your
scenario is still working?
diff --git a/drivers/net/ethernet/cadence/macb_main.c
b/drivers/net/ethernet/cadence/macb_main.c
index 1d86b4d5645a..e1347d6d1b50 100644
--- a/drivers/net/ethernet/cadence/macb_main.c
+++ b/drivers/net/ethernet/cadence/macb_main.c
@@ -1702,12 +1702,8 @@ static int macb_pad_and_fcs(struct sk_buff **skb,
struct net_device *ndev)
*skb = nskb;
}
- if (padlen) {
- if (padlen >= ETH_FCS_LEN)
- skb_put_zero(*skb, padlen - ETH_FCS_LEN);
- else
- skb_trim(*skb, ETH_FCS_LEN - padlen);
- }
+ if (padlen > ETH_FCS_LEN)
+ skb_put_zero(*skb, padlen - ETH_FCS_LEN);
> DSA driver is being used. That is why the length is already padded to 60 bytes
> and 1-byte tail tag is added.
Ok, I see, I didn't test with such configurations.
>
> BTW, I am not sure while this macb_pad_and_fcs function was added. Is it to
> workaround some hardware bugs? The code is executed only when
> NETIF_IF_HW_CSUM is used. But if hardware tx checksumming is enabled why
> not also use the hardware to calculate CRC?
It was reported in [1] that UDP checksum is offloaded to hardware no matter
the application previously computed it.
The code should be executed only for packets that has checksum computed by
applications ((*skb)->ip_summed != CHECKSUM_PARTIAL). The idea was to not
recompute checksum for packets with checksum already computed. To do so,
while hardware checksum is enabled (NETIF_F_HW_CSUM), TX_NOCRC bit should
be set on buffer descriptor. But to do so, packets must have a minimum size
of 64 and FCS to be computed.
The NETIF_F_HW_CSUM check was placed there because the issue described in
[1] is reproducible because hardware checksum is enabled and overrides the
checksum provided by applications.
[1] https://www.spinics.net/lists/netdev/msg505065.html
>
> NETIF_F_SG is not enabled in the MAC I used, so enabling NETIF_IF_HW_CSUM
> is rather pointless. With the padding code the transmit throughput cannot get
> higher than 100Mbps in a gigabit connection.
>
> I would recommend to add this option to disable manual padding in one of those
> macb_config structures.
In this way the user would have to know from the beginning what kind of
packets are used.
Thank you,
Claudiu Beznea
>
next prev parent reply other threads:[~2018-10-30 22:17 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-24 21:51 [PATCH net] net: ethernet: cadence: fix socket buffer corruption problem Tristram.Ha
2018-10-25 18:32 ` David Miller
2018-10-25 18:41 ` Florian Fainelli
2018-10-29 15:04 ` Claudiu.Beznea
2018-10-29 21:40 ` Tristram.Ha
2018-10-30 13:23 ` Claudiu.Beznea [this message]
2018-10-30 19:36 ` Tristram.Ha
2018-10-31 7:45 ` Claudiu.Beznea
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=eceb7dd3-c7bc-fa78-26dc-1da2e4a8cf4e@microchip.com \
--to=claudiu.beznea@microchip.com \
--cc=Nicolas.Ferre@microchip.com \
--cc=Tristram.Ha@microchip.com \
--cc=UNGLinuxDriver@microchip.com \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).