From nobody Wed Oct 8 08:32:39 2025 Received: from mail-pj1-f52.google.com (mail-pj1-f52.google.com [209.85.216.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 09FAA28E5F3; Mon, 30 Jun 2025 14:42:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.52 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1751294572; cv=none; b=A9pEiYj4MzcSEZfObiCQUh/uSujNQ4gnyk93Tmeg563DmV+4fzoP4KoVFb7CEJqKUIzaYl8sp8hp9QKl3eBBUfk29oYBNphH07wv6CJGUSqb+Kvfl6wzAZacOqr4UgOgnJQO6PKuR+QGMstonS2QkdqDu7GMQgubVewr6N1lxtI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1751294572; c=relaxed/simple; bh=yXGAI8fsp9QAmSJK3IamseOR28dXJb3MxGrhuL4c8hA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=RDE7j1pxrFQpeBh9dNeLqK5aUGCcgEIXB0ta3pLwgEwO8r54NjuoXyNQ6EKW5AI2Ag1F85jXkK2EyeBSYBS3w+tAaJ6+YKG/YWGUdXJqMnrhgBVd5Lsiic2ZhaEJ7YC9JVr7lw3u9Qym7lruhPizPFgYd5A0DqgJvVKIO0V1pIA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=k/KgzVaY; arc=none smtp.client-ip=209.85.216.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="k/KgzVaY" Received: by mail-pj1-f52.google.com with SMTP id 98e67ed59e1d1-313154270bbso2129675a91.2; Mon, 30 Jun 2025 07:42:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1751294570; x=1751899370; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=TatuTvD/KRI25aZVKetSkdRBKo49t17GGxSNN77vHt4=; b=k/KgzVaYC5/wDF7IKDPIk2ygBCdaqI8o+f9izu0GcP7E5UKi13a8GBNfILMUfYGbQO 2iCb3i0JbcNcodQ8WynF6f1CKHT8gTY49XvON2A8tqMilqr0fubAi10jZNJCbDM+pv9M vBflnmfdusiDjez1oEsO8kXHc/5Ul+5qkOvQdLLv7alL0AhYGLMSJ5+Tz1Blns8OblE6 ueO+kfpqakKGbIa8E+lsdVboglV0gNne6/vCR3n2EHSodz7Kx9nLrwARvU9Q0Xqz+y5d soP31ThEGD36AMawpA7BR+69vCW2YSL4sE2qH+jAbNs2/4/hIKQZObSIWJanpQreQSZX wiuA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751294570; x=1751899370; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=TatuTvD/KRI25aZVKetSkdRBKo49t17GGxSNN77vHt4=; b=DGJd7rQX7MJEAdBgYxj+ne/kKhDDUlSU62nHHhhLahL8CDQ+PcyiEy/+ZrlV/PxAz8 X2+FCg2esiw4RSAOmSQKlMew6V+ywTvSnOyn9ct0idHu8CrZ+1KL0aqBV/VP0j2NWqJL 1kHA2ZAAb4+aGj79mY1Nmr6Ymur4hLf8pvbbaCt0keNUF+E1WGuhoq221KC5NV0MQ8Bi eNDrBnrXsKEX2eN8Zs3YY7afYY4hGTgrdzujBa00aJPuXZIsX067JWkJXMjJsMOxfJzW r9GTuPVMAO4QefUP9T+UseM5BH79YaLbtvWTDd8ulf8L8HjpOVynC8Jeeo2452b/UQTx yDcw== X-Forwarded-Encrypted: i=1; AJvYcCUuJ5KU6A18JY+Op6rwBzVkyVsd2+uF4c/MQ6DAZ+dg0KqgfAMOaALpG2XFrjDuKJTClk3w7Me0Y8X8bbQq@vger.kernel.org, AJvYcCW7DxVmHQmIh9dqvAP+XkSIHS78WxYrLNXD/GQPq3CFE+y/7Jpx/xixeqtOTNiTvmTVa34=@vger.kernel.org, AJvYcCWLlJbREvyyOQI5xbGPuMvKA1Tmw691PbR/yZXumL7cMqC8rWgTgbQxmkV56VDMDqkEXwTqbBEp@vger.kernel.org X-Gm-Message-State: AOJu0YxNesvRxNxaBiHCHO2LCLFkN0CTBwpJcliEzv7EbqN2JPMqtTuR bQLSYG6Lu1DlWR+gJT08DgbJHIYf7lr9qExtRVzuz+Pz7cn2We/0mvp0jLsQCw== X-Gm-Gg: ASbGnctQjqKBWDC7QeT5f1aS0/gCD02nmMt6fRqyew91c5xrs/QKmdWmscNTCO2lT0+ kCpln1Z21sLcI6W5bpW27UGJ5+BMmFWNvqnNM8pjnv6xL2sIjmivNaSaTB986aCXToJZyLutD9p 5vamjBckb4xNxV/tolqeI1WdVhXd263jTduVY1mPrN+r6kJyFhPSMo1U+yNEyVWQXoJJ1ulW4MA BQCMuT3bUlUmPvvKZ6zE8EHEDsarz6n1JGtBpEPXk/N/sZO815HdA0AI6Y0g5szKK9BgcnP3TKk gXe8XEcy4O3g43T4XfpS7yxigU5J9gbCa5z2lWMTpv2r9HYp76KczGj9mprElMAOhRMpA6wC1DB 6 X-Google-Smtp-Source: AGHT+IETLZuBDgN03KgQWXJ9JG6CGzKwn4TSRbQqf09y4q790qyn1wuwU+dXImOnss1ZphjmrXsFHQ== X-Received: by 2002:a17:90b:5445:b0:311:c970:c9c0 with SMTP id 98e67ed59e1d1-318c9243c49mr16601470a91.22.1751294569638; Mon, 30 Jun 2025 07:42:49 -0700 (PDT) Received: from minh.192.168.1.1 ([2001:ee0:4f0e:fb30:2f51:de71:60e:eca9]) by smtp.googlemail.com with ESMTPSA id 98e67ed59e1d1-318c13a270csm9170017a91.16.2025.06.30.07.42.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Jun 2025 07:42:49 -0700 (PDT) From: Bui Quang Minh To: netdev@vger.kernel.org Cc: "Michael S. Tsirkin" , Jason Wang , Xuan Zhuo , =?UTF-8?q?Eugenio=20P=C3=A9rez?= , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Alexei Starovoitov , Daniel Borkmann , Jesper Dangaard Brouer , John Fastabend , Stanislav Fomichev , virtualization@lists.linux.dev, linux-kernel@vger.kernel.org, bpf@vger.kernel.org, Bui Quang Minh , stable@vger.kernel.org Subject: [PATCH net v2 1/3] virtio-net: ensure the received length does not exceed allocated size Date: Mon, 30 Jun 2025 21:42:10 +0700 Message-ID: <20250630144212.48471-2-minhquangbui99@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250630144212.48471-1-minhquangbui99@gmail.com> References: <20250630144212.48471-1-minhquangbui99@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In xdp_linearize_page, when reading the following buffers from the ring, we forget to check the received length with the true allocate size. This can lead to an out-of-bound read. This commit adds that missing check. Cc: Fixes: 4941d472bf95 ("virtio-net: do not reset during XDP set") Signed-off-by: Bui Quang Minh Acked-by: Jason Wang --- drivers/net/virtio_net.c | 38 ++++++++++++++++++++++++++++++++++---- 1 file changed, 34 insertions(+), 4 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index e53ba600605a..31661bcb3932 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -778,6 +778,26 @@ static unsigned int mergeable_ctx_to_truesize(void *mr= g_ctx) return (unsigned long)mrg_ctx & ((1 << MRG_CTX_HEADER_SHIFT) - 1); } =20 +static int check_mergeable_len(struct net_device *dev, void *mrg_ctx, + unsigned int len) +{ + unsigned int headroom, tailroom, room, truesize; + + truesize =3D mergeable_ctx_to_truesize(mrg_ctx); + headroom =3D mergeable_ctx_to_headroom(mrg_ctx); + tailroom =3D headroom ? sizeof(struct skb_shared_info) : 0; + room =3D SKB_DATA_ALIGN(headroom + tailroom); + + if (len > truesize - room) { + pr_debug("%s: rx error: len %u exceeds truesize %lu\n", + dev->name, len, (unsigned long)(truesize - room)); + DEV_STATS_INC(dev, rx_length_errors); + return -1; + } + + return 0; +} + static struct sk_buff *virtnet_build_skb(void *buf, unsigned int buflen, unsigned int headroom, unsigned int len) @@ -1797,7 +1817,8 @@ static unsigned int virtnet_get_headroom(struct virtn= et_info *vi) * across multiple buffers (num_buf > 1), and we make sure buffers * have enough headroom. */ -static struct page *xdp_linearize_page(struct receive_queue *rq, +static struct page *xdp_linearize_page(struct net_device *dev, + struct receive_queue *rq, int *num_buf, struct page *p, int offset, @@ -1817,18 +1838,27 @@ static struct page *xdp_linearize_page(struct recei= ve_queue *rq, memcpy(page_address(page) + page_off, page_address(p) + offset, *len); page_off +=3D *len; =20 + /* Only mergeable mode can go inside this while loop. In small mode, + * *num_buf =3D=3D 1, so it cannot go inside. + */ while (--*num_buf) { unsigned int buflen; void *buf; + void *ctx; int off; =20 - buf =3D virtnet_rq_get_buf(rq, &buflen, NULL); + buf =3D virtnet_rq_get_buf(rq, &buflen, &ctx); if (unlikely(!buf)) goto err_buf; =20 p =3D virt_to_head_page(buf); off =3D buf - page_address(p); =20 + if (check_mergeable_len(dev, ctx, buflen)) { + put_page(p); + goto err_buf; + } + /* guard against a misconfigured or uncooperative backend that * is sending packet larger than the MTU. */ @@ -1917,7 +1947,7 @@ static struct sk_buff *receive_small_xdp(struct net_d= evice *dev, headroom =3D vi->hdr_len + header_offset; buflen =3D SKB_DATA_ALIGN(GOOD_PACKET_LEN + headroom) + SKB_DATA_ALIGN(sizeof(struct skb_shared_info)); - xdp_page =3D xdp_linearize_page(rq, &num_buf, page, + xdp_page =3D xdp_linearize_page(dev, rq, &num_buf, page, offset, header_offset, &tlen); if (!xdp_page) @@ -2252,7 +2282,7 @@ static void *mergeable_xdp_get_buf(struct virtnet_inf= o *vi, */ if (!xdp_prog->aux->xdp_has_frags) { /* linearize data for XDP */ - xdp_page =3D xdp_linearize_page(rq, num_buf, + xdp_page =3D xdp_linearize_page(vi->dev, rq, num_buf, *page, offset, XDP_PACKET_HEADROOM, len); --=20 2.43.0 From nobody Wed Oct 8 08:32:39 2025 Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B616928E5F3; Mon, 30 Jun 2025 14:42:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.174 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1751294578; cv=none; b=FyDUqEW8IGTmix0Z1XZJW/3B1y8n0OqnXjlz6RT+pPUQ/ftwPHzW73m3W4diRWiX3/hD2uAy+kzQ4173SC+LA+X19XZpGbCYuO/9kRRHDvk55TCCLjp+xNg6OXpumAmnOdECpNjrdSGScTnV5/wZHazgVAqSaLOKAzgIGdH7Bv4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1751294578; c=relaxed/simple; bh=BSZ5vT3FSMrvM5IrsoJDnsX7sNGVr+Y34WTBiYQdwUs=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=vGDJU+W7zE9c2d1prUft3QW6cr/VsOFfFHOETWdRvXZRu0Gm93KsOyTwr1r0Ou8p5YsKP//U1+oPejwY1mjfXNKq77cEZXbQ66WOgNejh2iBvL7QRhhuYoripWHjKqnA2AiNy42nQjPhYcn9dPz3IXtTFqj/fh9GJVBSGR+zKlI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=VqsTFAst; arc=none smtp.client-ip=209.85.214.174 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="VqsTFAst" Received: by mail-pl1-f174.google.com with SMTP id d9443c01a7336-23636167b30so17800465ad.1; Mon, 30 Jun 2025 07:42:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1751294575; x=1751899375; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=YLmL/hbSV60WQ5txcK/zp8yoe+ubCK5iYtglAmsrLSE=; b=VqsTFAstirc2FUxDnAUxU2kJksb1QqFkTMO0L8XXINGfUkVukIWXE0i/4Z5I6Y+jM6 52O6o5KktskoczysvnFOXHpOAuPmK2u1RZ9ZxHdZr7SVL+kBLPZZauXEl31Pzl8xEuNc CKJLlO+paztSs0MNlEV9RV9ykoyMfXMOooGOag43K7a2g/Eleg64Oc7kp4wJBQtgceZN QGNSvP8u1MMJoz0WlTg/su/SCDwNPmmhFkv8ps/CXSCDKJRj4L48GZVlUDKGmB3m5ASn wfvs7IBe0yLimlrzDhvd3/EaAJhMQUVEb0T9odOadHQiYTPJeAcjGaCfEI80HiBCYEVm B3CQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751294575; x=1751899375; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=YLmL/hbSV60WQ5txcK/zp8yoe+ubCK5iYtglAmsrLSE=; b=mfWe3FBOHmQI4+HbsRWZDyunvIGHTeMkL5OZa9buUtpNQVlM1ZapkkrHGBCzpvI1uS mTcKmn/XQOxDhc9mE4IWpNhsqRxaFRrhU+KBmiL3Z0oNpDh9+cXGLyEc6HI0G/CiyhgD k/1zUGal1htlZj9h6TQpk3AmpJqDqSx0AfEz2+DRy+Kt0SLjhlZTj+dqzDoHPSyO1Ix3 jfxpxCVc9W2bKzbdmMey0xpa8CHwn06ktQB8KaZA6Aid7/iO+mfGE2g/edEabexRj0TO X0OCWTfqxVUApu1RK+iJ17+Jf8S4j1zLJhlCUIB56JYu7vIOBouZakO3EvhuS1CHS9mt jxbA== X-Forwarded-Encrypted: i=1; AJvYcCUCETNfcV0s2f8JQ2Z4VJ1QfTacmwZ3fGE8JkcPk0AQaTul247JX7VxBEVapehmvhgeLIObwgT+0UiTFl1d@vger.kernel.org, AJvYcCVMakvbs6uC7mD6FpTKwNWdzmmK3BU9soqA3Yo4W0ulri/F7yowsRoYC5+u06FidvmIdcs=@vger.kernel.org X-Gm-Message-State: AOJu0YwKaCCY5UEus1GK4WHhiOaop7WXtnXBet3F00alXJodcYS5qXSb Z1xdpzLQ/l8LCML9Mbvly7zJvCYK7+iZJp8UrdFNooAjpcnJ3i5JJP3NmMDHGw== X-Gm-Gg: ASbGncudoob+xWZGXqNmr9eMh2p/HaEBf2A8ty6fRtNyLCr8mxLfDmYYB6yBd4dMOKK /cNI1Zafl7PPfaNoOh0qjUYnc1zIrjFz7W72iHKqSgZ+CJ37MQPfkuB07fHoihg7MOVTWgfCzB/ GU+qX3woAk9cQrpILGpXGFjJ9EVyERN8PZxeFZIu9PrVc97+9n0CZQGZMseTps36276yp4jerHU 6V5z3Q/x8pffxmvrq1kD63OeVEwZ1T8YUVkv/8XTjpS0ItL9tfW3Q57JINzRWexyxf8iBoPElSZ BjYo4MtSC65Dwq05TxjloSJbsWej5m93bcPUy5EGzLWM16DlDhBx3N0i+DY6+PlvowG90JyB3W1 E X-Google-Smtp-Source: AGHT+IFYuZr8i/s3T0h77aKO3ys5BfKYJLS5aKf0P+CB6IP+gtk0942n8ugs4IGHLFscQ/B6DDNpGw== X-Received: by 2002:a17:90b:3b82:b0:315:c77b:37d6 with SMTP id 98e67ed59e1d1-318c92ef8e1mr17269051a91.23.1751294575415; Mon, 30 Jun 2025 07:42:55 -0700 (PDT) Received: from minh.192.168.1.1 ([2001:ee0:4f0e:fb30:2f51:de71:60e:eca9]) by smtp.googlemail.com with ESMTPSA id 98e67ed59e1d1-318c13a270csm9170017a91.16.2025.06.30.07.42.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Jun 2025 07:42:55 -0700 (PDT) From: Bui Quang Minh To: netdev@vger.kernel.org Cc: "Michael S. Tsirkin" , Jason Wang , Xuan Zhuo , =?UTF-8?q?Eugenio=20P=C3=A9rez?= , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Alexei Starovoitov , Daniel Borkmann , Jesper Dangaard Brouer , John Fastabend , Stanislav Fomichev , virtualization@lists.linux.dev, linux-kernel@vger.kernel.org, bpf@vger.kernel.org, Bui Quang Minh Subject: [PATCH net v2 2/3] virtio-net: remove redundant truesize check with PAGE_SIZE Date: Mon, 30 Jun 2025 21:42:11 +0700 Message-ID: <20250630144212.48471-3-minhquangbui99@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250630144212.48471-1-minhquangbui99@gmail.com> References: <20250630144212.48471-1-minhquangbui99@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The truesize is guaranteed not to exceed PAGE_SIZE in get_mergeable_buf_len(). It is saved in mergeable context, which is not changeable by the host side, so the check in receive path is quite redundant. Acked-by: Jason Wang Signed-off-by: Bui Quang Minh --- drivers/net/virtio_net.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index 31661bcb3932..535a4534c27f 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -2157,9 +2157,9 @@ static int virtnet_build_xdp_buff_mrg(struct net_devi= ce *dev, { struct virtio_net_hdr_mrg_rxbuf *hdr =3D buf; unsigned int headroom, tailroom, room; - unsigned int truesize, cur_frag_size; struct skb_shared_info *shinfo; unsigned int xdp_frags_truesz =3D 0; + unsigned int truesize; struct page *page; skb_frag_t *frag; int offset; @@ -2207,9 +2207,8 @@ static int virtnet_build_xdp_buff_mrg(struct net_devi= ce *dev, tailroom =3D headroom ? sizeof(struct skb_shared_info) : 0; room =3D SKB_DATA_ALIGN(headroom + tailroom); =20 - cur_frag_size =3D truesize; - xdp_frags_truesz +=3D cur_frag_size; - if (unlikely(len > truesize - room || cur_frag_size > PAGE_SIZE)) { + xdp_frags_truesz +=3D truesize; + if (unlikely(len > truesize - room)) { put_page(page); pr_debug("%s: rx error: len %u exceeds truesize %lu\n", dev->name, len, (unsigned long)(truesize - room)); --=20 2.43.0 From nobody Wed Oct 8 08:32:39 2025 Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com [209.85.216.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9F15B28C868; Mon, 30 Jun 2025 14:43:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.47 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1751294585; cv=none; b=D3wwmdacUwSSFsfnnwlghDnowiI5aTxs8SOpTyiFnJlKtIe+hEZzV30kwkZwwh5oatuMwY7a0JaAKG5QFuv7omZ7dOnafLaZKm1xJ2TCF9NFkG39dy//Phl6dyBAQmNjQaFpzqGKdv/E4rVSoKMkMWAU6T/X6c8i3JQxiKICcYc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1751294585; c=relaxed/simple; bh=aJBZLRK2AtKTR7exY7C4jH9FsFz8pTE7CY5s0ADk6xI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=dgyggPLmCgZxaK84EGD1Ld3Uro8bun3DozZNN9x6MOCpucBrlmEFI9CsSPynLZMYBA2Fs1JDldqjQh+oekbq3NmONFqFsNmTZKPkZB6n54mXNvOJdAUi7KxXW+5VBnq+nn0quJSej2aGdgD4hx1jnTM/w/cxeQIfRZoJ+emU9XE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=k3wsnbxQ; arc=none smtp.client-ip=209.85.216.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="k3wsnbxQ" Received: by mail-pj1-f47.google.com with SMTP id 98e67ed59e1d1-313a188174fso4480921a91.1; Mon, 30 Jun 2025 07:43:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1751294582; x=1751899382; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=n69gDXxPGfgIU+wPEIeigImTRma77DzYZ7Ve67R5PNg=; b=k3wsnbxQhfH147uPEQ4IpjPytY2Twf66KS3rigfbaodTHKorJ5J55DPj0e+ekgQt+A K7WPClQBMuafpx0PxNHFHGxFT+HmYyhDE5Qd8893VGsDhJKYLNULIWDcNBTAnOndyBSj 9g6g8YMFUYs7Nz98FcYW0CdwMFQeGGzPmpQiwfCNk6ZWb9gSd9dIiBVKdzPckHX6a9dT Bxdk7eG+fI9CznJaY0m1NhLUaMeXSW/SThgipnNo9mphh/92Mva/E10ln7d3Zc+Xoo95 zGrVuZPLrr3JPNJDaPW+T1YIngr+DxxwcBPufQp5f9jbggqT9fPOsJ3lGeBTTmIj+mCC i9UA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751294582; x=1751899382; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=n69gDXxPGfgIU+wPEIeigImTRma77DzYZ7Ve67R5PNg=; b=o41L/BiUteQueazmlXqUlPoAoKZ6hgg45OJtMa/irf+9g6D7r5PZL3ZGtr3Oi8Yh+0 oPQn7Wexj1xv8O03x1T1pdohCqTwVlgUE3ikzHlsU3l98lxNeg3aJozBl4jL6e5kJ3+F IbqzODWCP8Jm09+Iz1faGvzvgir4+AfZOljfB6z7/ZDAU6DQlUP23x85ttjO96+LlX5f YwGcImDDtnVkBTD99549qqwMUkBPpnQtFLXyxkdJI/KLzXUm+9m63T1obpnsaHi0oKqv jRaCB7KpcV+SV8oDsltzqCVPx0WNuaYPlb8v5BVhMqiNaZ5mYASxHL2GgOjyB6u8oxsS aIFg== X-Forwarded-Encrypted: i=1; AJvYcCUMgmlUee0G+nmk51qaudyim6FoDHNPT75t8m3uZ9UTLxdOPu5XAt2d9l8qfaE7vj+Ai3Y=@vger.kernel.org, AJvYcCVHWkbGr8p6wl5Ut8CXMXDUXx2/1Ajft23PYcV9Hdcm97qBiUnrzS6PFM2VJd0YwGkaTUixQ/IT2TMHvkDr@vger.kernel.org X-Gm-Message-State: AOJu0YxGHXdJj4IshmJ9Ri2AXqNVwGBha8uxG+t0ksRlSHRYajeEmC3j T2yjAd1iKyzY4A+sQ5PTf4wtME3VrZ5M1OAwTaGsurwUQuekfd9ObOm8tTe/8Q== X-Gm-Gg: ASbGncuK53lCazCxAo6wrS7Zb5xEzK7Nb4GG2XuyZutKgcfIs1MjAH7fsd+KSlTCl4P syrW0k/2JbcjWyfSRpeyb0cdZWLJi64nwNBKH/H5qvt0wTt7wFgPIMaQ6SO2cHDWdSw6oj2zGiv yPOwcLpRYGhUy/JDKRWiiyvww1L7w0d4w2kec6+Ts4Evp25R3mvQTwn+T1c4oBHo2o9RUECif5O opuwxBaRpnWSqmhBoVzOah6W6tbRObN4cVgve6D08AWtz3x838lymikNczs00AsBceBdbjp/CHE yh97N+C2+4p7GQwqzyk920VmWHL3bQFU/4zdoK9DkJhRTdS5s8ZbRtIjUP7c1J5ted2vzcwX1hv V X-Google-Smtp-Source: AGHT+IEBKjYr3kuohCQjY0CglzvBmQzIq01EIwspNpePjbfFFbP1AgODBoDwnck1jrdGsXqUo51EbA== X-Received: by 2002:a17:90b:1b0c:b0:30e:3737:7c87 with SMTP id 98e67ed59e1d1-318c91117a0mr17987244a91.5.1751294582368; Mon, 30 Jun 2025 07:43:02 -0700 (PDT) Received: from minh.192.168.1.1 ([2001:ee0:4f0e:fb30:2f51:de71:60e:eca9]) by smtp.googlemail.com with ESMTPSA id 98e67ed59e1d1-318c13a270csm9170017a91.16.2025.06.30.07.42.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Jun 2025 07:43:01 -0700 (PDT) From: Bui Quang Minh To: netdev@vger.kernel.org Cc: "Michael S. Tsirkin" , Jason Wang , Xuan Zhuo , =?UTF-8?q?Eugenio=20P=C3=A9rez?= , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Alexei Starovoitov , Daniel Borkmann , Jesper Dangaard Brouer , John Fastabend , Stanislav Fomichev , virtualization@lists.linux.dev, linux-kernel@vger.kernel.org, bpf@vger.kernel.org, Bui Quang Minh Subject: [PATCH net v2 3/3] virtio-net: use the check_mergeable_len helper Date: Mon, 30 Jun 2025 21:42:12 +0700 Message-ID: <20250630144212.48471-4-minhquangbui99@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250630144212.48471-1-minhquangbui99@gmail.com> References: <20250630144212.48471-1-minhquangbui99@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Replace the current repeated code to check received length in mergeable mode with the new check_mergeable_len helper. Signed-off-by: Bui Quang Minh Acked-by: Jason Wang --- drivers/net/virtio_net.c | 34 +++++++--------------------------- 1 file changed, 7 insertions(+), 27 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index 535a4534c27f..ecd3f46deb5d 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -2156,7 +2156,6 @@ static int virtnet_build_xdp_buff_mrg(struct net_devi= ce *dev, struct virtnet_rq_stats *stats) { struct virtio_net_hdr_mrg_rxbuf *hdr =3D buf; - unsigned int headroom, tailroom, room; struct skb_shared_info *shinfo; unsigned int xdp_frags_truesz =3D 0; unsigned int truesize; @@ -2202,20 +2201,14 @@ static int virtnet_build_xdp_buff_mrg(struct net_de= vice *dev, page =3D virt_to_head_page(buf); offset =3D buf - page_address(page); =20 - truesize =3D mergeable_ctx_to_truesize(ctx); - headroom =3D mergeable_ctx_to_headroom(ctx); - tailroom =3D headroom ? sizeof(struct skb_shared_info) : 0; - room =3D SKB_DATA_ALIGN(headroom + tailroom); - - xdp_frags_truesz +=3D truesize; - if (unlikely(len > truesize - room)) { + if (check_mergeable_len(dev, ctx, len)) { put_page(page); - pr_debug("%s: rx error: len %u exceeds truesize %lu\n", - dev->name, len, (unsigned long)(truesize - room)); - DEV_STATS_INC(dev, rx_length_errors); goto err; } =20 + truesize =3D mergeable_ctx_to_truesize(ctx); + xdp_frags_truesz +=3D truesize; + frag =3D &shinfo->frags[shinfo->nr_frags++]; skb_frag_fill_page_desc(frag, page, offset, len); if (page_is_pfmemalloc(page)) @@ -2429,18 +2422,12 @@ static struct sk_buff *receive_mergeable(struct net= _device *dev, struct sk_buff *head_skb, *curr_skb; unsigned int truesize =3D mergeable_ctx_to_truesize(ctx); unsigned int headroom =3D mergeable_ctx_to_headroom(ctx); - unsigned int tailroom =3D headroom ? sizeof(struct skb_shared_info) : 0; - unsigned int room =3D SKB_DATA_ALIGN(headroom + tailroom); =20 head_skb =3D NULL; u64_stats_add(&stats->bytes, len - vi->hdr_len); =20 - if (unlikely(len > truesize - room)) { - pr_debug("%s: rx error: len %u exceeds truesize %lu\n", - dev->name, len, (unsigned long)(truesize - room)); - DEV_STATS_INC(dev, rx_length_errors); + if (check_mergeable_len(dev, ctx, len)) goto err_skb; - } =20 if (unlikely(vi->xdp_enabled)) { struct bpf_prog *xdp_prog; @@ -2475,17 +2462,10 @@ static struct sk_buff *receive_mergeable(struct net= _device *dev, u64_stats_add(&stats->bytes, len); page =3D virt_to_head_page(buf); =20 - truesize =3D mergeable_ctx_to_truesize(ctx); - headroom =3D mergeable_ctx_to_headroom(ctx); - tailroom =3D headroom ? sizeof(struct skb_shared_info) : 0; - room =3D SKB_DATA_ALIGN(headroom + tailroom); - if (unlikely(len > truesize - room)) { - pr_debug("%s: rx error: len %u exceeds truesize %lu\n", - dev->name, len, (unsigned long)(truesize - room)); - DEV_STATS_INC(dev, rx_length_errors); + if (check_mergeable_len(dev, ctx, len)) goto err_skb; - } =20 + truesize =3D mergeable_ctx_to_truesize(ctx); curr_skb =3D virtnet_skb_append_frag(head_skb, curr_skb, page, buf, len, truesize); if (!curr_skb) --=20 2.43.0