From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202602 header.b=RzLIbg2C;
	dkim-atps=neutral
Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3])
	by passt.top (Postfix) with ESMTPS id 2E3A55A0265
	for <passt-dev@passt.top>; Tue, 07 Apr 2026 05:58:57 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202602; t=1775534334;
	bh=MSX7rxBkT9UF56nw6n0M8y3xdhGhGkrohUXMhEhD5SE=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=RzLIbg2CXf66SdwRW9IoHbQySCsA6QSlipgsw41QNbxoZyoFPhlmzsYW+kBvpMmne
	 scri1FJBrf/aEaYbC0ff+NTKcT3x76MWyox1Xl+RjgWpCiMhe/zCPUrc8h976jpRta
	 TEvw9wN5qgUNghZW/mRMamg6gR783V/EDvZkyfb04AqHFpmyKbzvPPHJhDoNw4myVH
	 p7l8HIZH4EqTuY2nols/lCto6zc8dTQAcnmR7pDEc4WXkyIWARmAG/tn+9LGfroCSX
	 2KceJCrUCZZ6OltJPgfbhoLuwrV2jS5igTEwbGMsNdzhnflH+pvDxu2b1vB9n/tdv7
	 CdD3yMkkrdnAA==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4fqXW269fxz4wL8; Tue, 07 Apr 2026 13:58:54 +1000 (AEST)
Date: Tue, 7 Apr 2026 13:44:53 +1000
From: David Gibson <david@gibson.dropbear.id.au>
To: Laurent Vivier <lvivier@redhat.com>
Subject: Re: [PATCH 1/2] vhost_user: Offer VIRTIO_NET_F_GUEST_CSUM
Message-ID: <adR9tTqBqG464ELc@zatzit>
References: <20260403080204.2364581-1-lvivier@redhat.com>
 <20260403080204.2364581-2-lvivier@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="Z2oCWi/Icp5Wemy3"
Content-Disposition: inline
In-Reply-To: <20260403080204.2364581-2-lvivier@redhat.com>
Message-ID-Hash: KOE7LUAGSEGKUHRFG22DHFQZ3XZH4KMK
X-Message-ID-Hash: KOE7LUAGSEGKUHRFG22DHFQZ3XZH4KMK
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/adR9tTqBqG464ELc@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/KOE7LUAGSEGKUHRFG22DHFQZ3XZH4KMK/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--Z2oCWi/Icp5Wemy3
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Apr 03, 2026 at 10:02:03AM +0200, Laurent Vivier wrote:
> According to the virtio-net specification, when the VIRTIO_NET_F_GUEST_CS=
UM
> is negotiated, the device can set VIRTIO_NET_HDR_F_DATA_VALID in the
> virtio-net header to indicate that packet checksums have been validated,
> allowing the guest to skip verification. Without this feature, the device
> must provide fully checksummed packets.
>=20
> The vhost-user TCP and UDP paths were unconditionally skipping checksum
> computation, regardless of whether GUEST_CSUM was negotiated. This
> went undetected with Linux guests because Linux's virtio-net driver
> honours VIRTIO_NET_HDR_F_DATA_VALID regardless of whether
> VIRTIO_NET_F_GUEST_CSUM was negotiated, marking such packets as
> CHECKSUM_UNNECESSARY and skipping verification.
>=20
> iPXE, however, does not negotiate GUEST_CSUM, ignores the DATA_VALID
> flag entirely, and always verifies checksums. This caused TCP
> connections to fail: the SYN-ACK had a zero TCP checksum, iPXE rejected
> it, and the connection timed out in SYN_RCVD.
>=20
> Adding --pcap happened to mask the bug, because the pcap code path
> forces checksum computation to ensure correct captures.
>=20
> Offer VIRTIO_NET_F_GUEST_CSUM in the device features, and only skip
> checksum computation when the guest has actually negotiated it. When
> GUEST_CSUM is not negotiated, always compute valid checksums as required
> by the specification.
>=20
> We keep setting VIRTIO_NET_HDR_F_DATA_VALID unconditionally in
> VU_HEADER: when GUEST_CSUM is negotiated, the flag lets the guest skip
> checksum verification; when it is not, the spec says the guest should
> ignore the flags field, so setting it is harmless.
>=20
> Signed-off-by: Laurent Vivier <lvivier@redhat.com>

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>

> ---
>  tcp_vu.c     | 8 ++++++--
>  udp_vu.c     | 7 ++++---
>  vhost_user.c | 1 +
>  3 files changed, 11 insertions(+), 5 deletions(-)
>=20
> diff --git a/tcp_vu.c b/tcp_vu.c
> index 1927b14e0962..49d39e7de201 100644
> --- a/tcp_vu.c
> +++ b/tcp_vu.c
> @@ -126,6 +126,7 @@ int tcp_vu_send_flag(const struct ctx *c, struct tcp_=
tap_conn *conn, int flags)
>  	struct vu_virtq *vq =3D &vdev->vq[VHOST_USER_RX_QUEUE];
>  	size_t optlen, hdrlen, iov_cnt, iov_used;
>  	struct vu_virtq_element flags_elem[2];
> +	uint32_t csum_flags =3D IP4_CSUM;
>  	struct iovec flags_iov[64];
>  	struct tcp_syn_opts opts;
>  	struct iov_tail payload;
> @@ -137,6 +138,9 @@ int tcp_vu_send_flag(const struct ctx *c, struct tcp_=
tap_conn *conn, int flags)
>  	int elem_cnt;
>  	int ret;
> =20
> +	if (*c->pcap || !vu_has_feature(vdev, VIRTIO_NET_F_GUEST_CSUM))
> +		csum_flags |=3D TCP_CSUM;
> +
>  	hdrlen =3D tcp_vu_hdrlen(CONN_V6(conn));
> =20
>  	elem_cnt =3D vu_collect(vdev, vq, &flags_elem[0], 1,
> @@ -175,7 +179,7 @@ int tcp_vu_send_flag(const struct ctx *c, struct tcp_=
tap_conn *conn, int flags)
>  	iov_from_buf(payload.iov, payload.cnt, payload.off, &opts, optlen);
>  	tcp_fill_headers(c, conn, &eh, CONN_V4(conn) ? &ip4h : NULL,
>  			 CONN_V6(conn) ? &ip6h : NULL, &th, &payload,
> -			 optlen, IP4_CSUM | (*c->pcap ? TCP_CSUM : 0), seq);
> +			 optlen, csum_flags, seq);
> =20
>  	vu_pad(flags_elem[0].in_sg, iov_cnt, hdrlen + optlen);
>  	vu_flush(vdev, vq, flags_elem, elem_cnt, hdrlen + optlen);
> @@ -516,7 +520,7 @@ int tcp_vu_data_from_sock(const struct ctx *c, struct=
 tcp_tap_conn *conn)
> =20
>  	hdrlen =3D tcp_vu_hdrlen(v6);
>  	check =3D IP4_CSUM;
> -	if (*c->pcap)
> +	if (*c->pcap || !vu_has_feature(vdev, VIRTIO_NET_F_GUEST_CSUM))
>  		check |=3D TCP_CSUM;
>  	for (i =3D 0, previous_dlen =3D -1; i < frame_cnt; i++) {
>  		struct iovec *iov =3D &iov_vu[frame[i].idx_iovec];
> diff --git a/udp_vu.c b/udp_vu.c
> index 5bc9509a1b98..ed888a2baab3 100644
> --- a/udp_vu.c
> +++ b/udp_vu.c
> @@ -234,12 +234,13 @@ void udp_vu_sock_to_tap(const struct ctx *c, int s,=
 int n, flow_sidx_t tosidx)
>  		if (iov_cnt > 0) {
>  			struct iov_tail data =3D IOV_TAIL(iov_vu, iov_cnt, VNET_HLEN);
>  			size_t l4len =3D udp_vu_prepare(c, &data, toside, dlen);
> -			if (*c->pcap) {
> +			if (!vu_has_feature(vdev, VIRTIO_NET_F_GUEST_CSUM) ||
> +			    *c->pcap)
>  				udp_vu_csum(toside, &data, l4len);
> +			vu_pad(iov_vu, iov_cnt, hdrlen + dlen);
> +			if (*c->pcap)
>  				pcap_iov(iov_vu, iov_cnt, VNET_HLEN,
>  					 hdrlen + dlen - VNET_HLEN);
> -			}
> -			vu_pad(iov_vu, iov_cnt, hdrlen + dlen);
>  			vu_flush(vdev, vq, elem, elem_used, hdrlen + dlen);
>  			vu_queue_notify(vdev, vq);
>  		}
> diff --git a/vhost_user.c b/vhost_user.c
> index f062badd3311..a1259c2624c0 100644
> --- a/vhost_user.c
> +++ b/vhost_user.c
> @@ -322,6 +322,7 @@ static bool vu_get_features_exec(struct vu_dev *vdev,
>  {
>  	uint64_t features =3D
>  		1ULL << VIRTIO_F_VERSION_1 |
> +		1ULL << VIRTIO_NET_F_GUEST_CSUM |
>  		1ULL << VIRTIO_NET_F_MRG_RXBUF |
>  		1ULL << VHOST_F_LOG_ALL |
>  		1ULL << VHOST_USER_F_PROTOCOL_FEATURES;
> --=20
> 2.53.0
>=20

--=20
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

--Z2oCWi/Icp5Wemy3
Content-Type: application/pgp-signature; name=signature.asc

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmnUfakACgkQzQJF27ox
2GfBAw//YPSW9OXc0BaHgdLlVqNlSJGA5x4xNrM0l1q0wYF8VLhLO5UmHnQvCwZ7
MY3yQORWg7t6Nxz/Id/OmRbIdgh4QtezawHfTk0T+Djpo4toDWBElG7LlBE5F3Ye
TCF/2V2dpaUN8ieMCTxAvwEWdLsFgvk7PkWlot3UUYhIdoRxa19vjuOKf3r66qZr
9DTP+ZXTBm5BmVhB8ShnHNVnaPLqJqqPKdOzgRrkBHhsQWs6CG1/x8LCef87jVH2
o58YPmVXFNMWiucNwDG/XlsrZsyrM+fmuyJMzENXcZzhgqeh41keYeLQoxamUocv
lwGqyNJR4yc+9XcyqUDsZN+U4alV/VmSa+5Yzb+Ij0xfcSDNk4g3vq39F54lw1BP
FiNTcBe4gw5E4+bP4t4wJ1gpl5ezt3ee7mz1EzbYTgt4eahftKIx2DPdAsT0TG4W
YfSyzZ5QNF6dTNhru+4uRBtWBcOVh5dXRYlOc8eGcNm65WEb3doBYkxJ5q5AY/5C
9KLo7GPBUbrmVHoe2Z+7CTPCPz2OAM2RG4gGHmBB5lV9JGKu7Q8NebYzyJftjVD5
gjwaGxvgcnGwv8vvWAuqAxXLw+/FsQ8tYRQ4sqob6Wu1hXAkuRQZleibrU1QWyE5
WTpbrSEqefhhLQA2Hp0Gs8EBhVR9Ovb8bE8N6Lnr/mEZNvIDpmc=
=mK4A
-----END PGP SIGNATURE-----

--Z2oCWi/Icp5Wemy3--