From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au Authentication-Results: passt.top; dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202602 header.b=eW54RbHk; dkim-atps=neutral Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76]) by passt.top (Postfix) with ESMTPS id 4AF1E5A0627 for ; Mon, 23 Mar 2026 23:51:36 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202602; t=1774306292; bh=bd80I9nVu7I3daDOAymK0Vo40LGYG+1jAazDpLE2Gsg=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=eW54RbHkV9TQZ689rp8af4nrsNF5+4ThhKI5gVhpuuPS/ols+DRKR4lVhjBfg4FjQ luJKoJp3YjbCE2z/IpL70poecpftNs+9mqrf6q+3W+7YaU8BYYwmKSrrHt/yE4OLVJ XLEYB/pVMlPji5GczSdRITOkJKO5eBugPgXE/k4vsmXe/pKS4vyFyO+J9tKfxbqb2e t1D00k4B/0ObKx2tN+oX+VuRZpLxT+OzbK2BLpD06wkqncJQ+B9vxo/MtXNESD4lFN X8K31ncPIVYCpuZdIOM5rEJ7Z6nGVf5xHfEOUxM6jEtq8jwY1U/kQmWt68k/zBJxG4 3wcfoLiKX5t9Q== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4ffpLr6gz7z4wCm; Tue, 24 Mar 2026 09:51:32 +1100 (AEDT) Date: Tue, 24 Mar 2026 09:40:17 +1100 From: David Gibson To: Laurent Vivier Subject: Re: [PATCH] vhost_user: Offer VIRTIO_NET_F_GUEST_CSUM Message-ID: References: <20260323180149.1268399-1-lvivier@redhat.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="j6GDSy+jKluVM/Ei" Content-Disposition: inline In-Reply-To: <20260323180149.1268399-1-lvivier@redhat.com> Message-ID-Hash: EPGFFIFOXXRY2HDDQCDP56J27A2O5R72 X-Message-ID-Hash: EPGFFIFOXXRY2HDDQCDP56J27A2O5R72 X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --j6GDSy+jKluVM/Ei Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Mar 23, 2026 at 07:01:49PM +0100, Laurent Vivier wrote: > According to the virtio-net specification, when the VIRTIO_NET_F_GUEST_CS= UM > is negotiated, the device can set VIRTIO_NET_HDR_F_DATA_VALID in the > virtio-net header to indicate that packet checksums have been validated, > allowing the guest to skip verification. Without this feature, the device > must provide fully checksummed packets. >=20 > The vhost-user TCP and UDP paths were unconditionally skipping checksum > computation, regardless of whether GUEST_CSUM was negotiated. This > went undetected with Linux guests because Linux's virtio-net driver > honours VIRTIO_NET_HDR_F_DATA_VALID regardless of whether > VIRTIO_NET_F_GUEST_CSUM was negotiated, marking such packets as > CHECKSUM_UNNECESSARY and skipping verification. >=20 > iPXE, however, does not negotiate GUEST_CSUM, ignores the DATA_VALID > flag entirely, and always verifies checksums. This caused TCP > connections to fail: the SYN-ACK had a zero TCP checksum, iPXE rejected > it, and the connection timed out in SYN_RCVD. >=20 > Adding --pcap happened to mask the bug, because the pcap code path > forces checksum computation to ensure correct captures. >=20 > Offer VIRTIO_NET_F_GUEST_CSUM in the device features, and only skip > checksum computation when the guest has actually negotiated it. When > GUEST_CSUM is not negotiated, always compute valid checksums as required > by the specification. >=20 > We keep setting VIRTIO_NET_HDR_F_DATA_VALID unconditionally in > VU_HEADER: when GUEST_CSUM is negotiated, the flag lets the guest skip > checksum verification; when it is not, the spec says the guest should > ignore the flags field, so setting it is harmless. >=20 > Signed-off-by: Laurent Vivier Reviewed-by: David Gibson > --- >=20 > Notes: > Based-on: 20260323165259.1253482-1-lvivier@redhat.com >=20 > tcp_vu.c | 8 ++++++-- > udp_vu.c | 6 ++++-- > vhost_user.c | 1 + > 3 files changed, 11 insertions(+), 4 deletions(-) >=20 > diff --git a/tcp_vu.c b/tcp_vu.c > index 776b47aea18c..2ab56f25a9be 100644 > --- a/tcp_vu.c > +++ b/tcp_vu.c > @@ -172,7 +172,9 @@ int tcp_vu_send_flag(const struct ctx *c, struct tcp_= tap_conn *conn, int flags) > seq--; > =20 > payload =3D IOV_TAIL(flags_elem[0].in_sg, iov_cnt, VNET_HLEN); > - tcp_fill_headers(c, conn, CONN_V4(conn), &payload, -1, seq, !*c->pcap); > + tcp_fill_headers(c, conn, CONN_V4(conn), &payload, -1, seq, > + vu_has_feature(vdev, VIRTIO_NET_F_GUEST_CSUM) && > + !*c->pcap); > =20 > if (*c->pcap) > pcap_iov(flags_elem[0].in_sg, iov_cnt, VNET_HLEN); > @@ -512,7 +514,9 @@ int tcp_vu_data_from_sock(const struct ctx *c, struct= tcp_tap_conn *conn) > check =3D -1; > previous_dlen =3D dlen; > =20 > - tcp_vu_prepare(c, conn, iov, iov_cnt, &check, !*c->pcap, push); > + tcp_vu_prepare(c, conn, iov, iov_cnt, &check, > + vu_has_feature(vdev, VIRTIO_NET_F_GUEST_CSUM) && > + !*c->pcap, push); > =20 > if (*c->pcap) > pcap_iov(iov, iov_cnt, VNET_HLEN); > diff --git a/udp_vu.c b/udp_vu.c > index 80391b4f8788..7ed271403481 100644 > --- a/udp_vu.c > +++ b/udp_vu.c > @@ -223,10 +223,12 @@ void udp_vu_sock_to_tap(const struct ctx *c, int s,= int n, flow_sidx_t tosidx) > vu_set_vnethdr(iov_vu[0].iov_base, elem_used); > iov_drop_header(&data, VNET_HLEN); > udp_vu_prepare(c, &data, toside); > - if (*c->pcap) { > + if (!vu_has_feature(vdev, VIRTIO_NET_F_GUEST_CSUM) || > + *c->pcap) { > udp_vu_csum(toside, &data); > - pcap_iov(data.iov, data.cnt, data.off); > } > + if (*c->pcap) > + pcap_iov(data.iov, data.cnt, data.off); > vu_flush(vdev, vq, elem, elem_used); > } > } > diff --git a/vhost_user.c b/vhost_user.c > index 75665ec6522f..08a7b2d74099 100644 > --- a/vhost_user.c > +++ b/vhost_user.c > @@ -322,6 +322,7 @@ static bool vu_get_features_exec(struct vu_dev *vdev, > { > uint64_t features =3D > 1ULL << VIRTIO_F_VERSION_1 | > + 1ULL << VIRTIO_NET_F_GUEST_CSUM | > 1ULL << VIRTIO_NET_F_MRG_RXBUF | > 1ULL << VHOST_F_LOG_ALL | > 1ULL << VHOST_USER_F_PROTOCOL_FEATURES; > --=20 > 2.53.0 >=20 --=20 David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson --j6GDSy+jKluVM/Ei Content-Type: application/pgp-signature; name=signature.asc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmnBwTsACgkQzQJF27ox 2Gej2A//SWs0u6E7fdV2z6q2LawX+GoIyVQXs5FYj3t5QiWxdh8i70+bICWLzrN+ uPdeYZ76ldgtm+B+V7hSE0o377bmZsjYzRWSx2FZZsqjxWu0fl5GW65UcSTPuNbu zeEkkDDLq0He7SciCBz9bcyPRavpnBCLrP+RbNDfSOmQw18l+ygg6GguLKWERctN FokQQF+9b20/SSW9J17dZjfK/iuVpqIu2shZd26j0hZUXdW5ZK5HSTqlxBBVwIGH /sLIzGtrVuPX/EgsBum9PMIJ1hG2u/PZr2BQdSz8FwXLfPwkdtzSXNvFEzzpkBlF /eHSXfKg+KmqQsaonL5RXasNO+lU3Z5hiyJJbVYGeT15nHTHedNaJkZlU8pgeyK3 zQqHVbCQjJfvJeBhvGP+KM6VKKmYhtxj4nJVe3aROQ63nj1gNu/5yaHW5A//5RPK L/pQh8h5B12M6bPBxiy48GjzFNRH6s5qQCbcGCWYQK1plO9V2LGXmaP2O/EGjQJ1 spTHjzCpXd2QvUGnXZNPmuzGg8Z5UxkoTJGifLY9W3ZUnlREW2FC+12eh9xf6MKD 8oAcf3D40JwqHJ6+PF+BqCvfQiizkCRWhFpNIN34St1HOQ9paDmgNCMbY03k5NtN BfdNwJ1dDTGDkDVFL5zcxWb123oLbr0n7YthY4pASdKGZGbrCPc= =1l5p -----END PGP SIGNATURE----- --j6GDSy+jKluVM/Ei--