From: Bui Quang Minh minhquangbui99@gmail.com Sent: 27 October 2025 08:36 PM
[..]
The check is already there before this commit, but it is not correct since the changes in commit 4959aebba8c0 ("virtio-net: use mtu size as buffer length for big packets"). So this patch fixes the check corresponding to the new change. I think this is a valid use of Fixes tag.
I am missing something. If you don’t have the broken device, what part is wrong in the patch which
needs fixes tag?
The host can load its own vhost_net driver and send the incorrect length. IMHO, it's good to sanity check the received input.
The check
if (unlikely(len > MAX_SKB_FRAGS * PAGE_SIZE)) goto err;
is wrong because the allocated buffer is (vi->big_packets_num_skbfrags +
- PAGE_SIZE not MAX_SKB_FRAGS * PAGE_SIZE anymore.
vi->big_packets_num_skbfrags depends on the negotiated mtu between host and guest when guest_gso is off as in function virtnet_set_big_packets.
Thanks, Quang Minh.
Got it. Yes, listed commit missed to consider length check here based on the mtu. Thanks.
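A small user-space model of the mismatch discussed in this thread, added here as an illustration and not code from the patch or the kernel. The struct, the function names, the constants (4 KiB pages, MAX_SKB_FRAGS of 17), the rounding of the MTU up to whole pages and the one page beyond big_packets_num_skbfrags in the posted buffer are all assumptions of the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed constants for the model; real values depend on kernel config. */
#define PAGE_SIZE     4096u
#define MAX_SKB_FRAGS 17u

/* Hypothetical stand-in for the one field of struct virtnet_info used here. */
struct rx_model {
    unsigned int big_packets_num_skbfrags;
};

/* Assumed behaviour: full-size chain with guest_gso, MTU-sized chain without. */
static void model_set_big_packets(struct rx_model *vi, unsigned int mtu, bool guest_gso)
{
    vi->big_packets_num_skbfrags =
        guest_gso ? MAX_SKB_FRAGS : (mtu + PAGE_SIZE - 1) / PAGE_SIZE;
}

/* Bytes posted to the device (assumption: num_skbfrags pages plus one). */
static size_t model_buf_len(const struct rx_model *vi)
{
    return ((size_t)vi->big_packets_num_skbfrags + 1) * PAGE_SIZE;
}

/* The check quoted in the thread: its bound ignores the allocation size. */
static bool old_check_accepts(size_t len)
{
    return len <= (size_t)MAX_SKB_FRAGS * PAGE_SIZE;
}

/* A check bounded by what was actually allocated for this receive buffer. */
static bool alloc_check_accepts(const struct rx_model *vi, size_t len)
{
    return len <= model_buf_len(vi);
}

/* How many device-reported lengths pass the old check yet overrun the buffer. */
static size_t overrun_window(const struct rx_model *vi)
{
    size_t old_bound = (size_t)MAX_SKB_FRAGS * PAGE_SIZE;
    size_t buf = model_buf_len(vi);
    return old_bound > buf ? old_bound - buf : 0;
}

int main(void)
{
    struct rx_model vi;
    model_set_big_packets(&vi, 1500, false); /* constructed case: MTU 1500, guest_gso off */
    printf("buffer=%zu bytes, unchecked window=%zu lengths\n", model_buf_len(&vi), overrun_window(&vi));
    return 0;
}
```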