On Mon, 2011-10-03 at 21:04 +0200, Michael S. Tsirkin wrote: > On Wed, Sep 28, 2011 at 05:40:54PM +0300, Sasha Levin wrote: > > This patch verifies that the length of a buffer stored in a linked list > > of pages is small enough to fit into a skb. > > > > If the size is larger than a max size of a skb, it means that we shouldn't > > go ahead building skbs anyway since we won't be able to send the buffer as > > the user requested. > > > > Cc: Rusty Russell <rusty@xxxxxxxxxxxxxxx> > > Cc: "Michael S. Tsirkin" <mst@xxxxxxxxxx> > > Cc: virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx > > Cc: netdev@xxxxxxxxxxxxxxx > > Cc: kvm@xxxxxxxxxxxxxxx > > Signed-off-by: Sasha Levin <levinsasha928@xxxxxxxxx> > > --- > > drivers/net/virtio_net.c | 13 +++++++++++++ > > 1 files changed, 13 insertions(+), 0 deletions(-) > > > > diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c > > index 0c7321c..bde0dec 100644 > > --- a/drivers/net/virtio_net.c > > +++ b/drivers/net/virtio_net.c > > @@ -195,6 +195,19 @@ static struct sk_buff *page_to_skb(struct virtnet_info *vi, > > len -= copy; > > offset += copy; > > > > + /* > > + * Verify that we can indeed put this data into a skb. > > + * This is here to handle cases when the device erroneously > > + * tries to receive more than is possible. This is usually > > + * the case of a broken device. > > + */ > > + if (unlikely(len > MAX_SKB_FRAGS * PAGE_SIZE)) { > > + if (net_ratelimit()) > > + pr_debug("%s: too much data\n", skb->dev->name); > > + dev_kfree_skb(skb); > > + return NULL; > > + } > > + > > BTW, receive_mergeable does > pr_debug("%s: packet too long\n", skb->dev->name); > skb->dev->stats.rx_length_errors++; > > which makes sense. Do you think we should increase rx_length_errors here as well? -- Sasha.
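Review bot: the drop path inside the new `if (unlikely(len > MAX_SKB_FRAGS * PAGE_SIZE))` block records the event only through a rate-limited `pr_debug()`, so an oversized device-supplied length leaves no counter behind; incrementing `skb->dev->stats.rx_length_errors` before `dev_kfree_skb(skb)`, as the receive_mergeable path quoted in this thread does, would make it visible. The same block frees the skb and returns NULL, but nothing in the visible lines releases the linked list of pages the commit message describes, so it should either free that chain here or state in the comment that callers own it when NULL is returned. The comment's "tries to receive more than is possible" would also read more accurately as the device handing the driver more data than fits in a skb.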