> From: Bui Quang Minh <[email protected]>
> Sent: 27 October 2025 08:36 PM
[..]
> >>
> >> The check is already there before this commit, but it is not correct
> >> since the changes in commit 4959aebba8c0 ("virtio-net: use mtu size
> >> as buffer length for big packets"). So this patch fixes the check
> >> corresponding to the new change. I think this is a valid use of Fixes tag.
> > I am missing something.
> > If you don’t have the broken device, what part if wrong in the patch which
> needs fixes tag?
>
> The host can load the own vhost_net driver and sends the incorrect length.
> IMHO, it's good to sanity check the received input.
>
> The check
>
> if (unlikely(len > MAX_SKB_FRAGS * PAGE_SIZE))
> goto err;
>
> is wrong because the allocated buffer is (vi->big_packets_num_skbfrags +
> 1) * PAGE_SIZE not MAX_SKB_FRAGS * PAGE_SIZE anymore.
> vi->big_packets_num_skbfrags depends on the negotiated mtu between host
> and guest when guest_gso is off as in function virtnet_set_big_packets.
>
> Thanks,
> Quang Minh.
Got it. Yes, listed commit missed to consider length check here based on the
mtu.
Thanks.
