virtio-net: xsk: rx: fix the frame's length check

When calling buf_to_xdp, the len argument is the frame data's length
without virtio header's length (vi->hdr_len). We check that len with

	xsk_pool_get_rx_frame_size() + vi->hdr_len

to ensure the provided len does not larger than the allocated chunk
size. The additional vi->hdr_len is because in virtnet_add_recvbuf_xsk,
we use part of XDP_PACKET_HEADROOM for virtio header and ask the vhost
to start placing data from

	hard_start + XDP_PACKET_HEADROOM - vi->hdr_len
not
	hard_start + XDP_PACKET_HEADROOM

But the first buffer has virtio_header, so the maximum frame's length in
the first buffer can only be

	xsk_pool_get_rx_frame_size()
not
	xsk_pool_get_rx_frame_size() + vi->hdr_len

like in the current check.

This commit adds an additional argument to buf_to_xdp differentiate
between the first buffer and other ones to correctly calculate the maximum
frame's length.

Cc: stable@vger.kernel.org
Reviewed-by: Xuan Zhuo <xuanzhuo@linux.alibaba.com>
Fixes: a4e7ba702701 ("virtio_net: xsk: rx: support recv small mode")
Signed-off-by: Bui Quang Minh <minhquangbui99@gmail.com>
Link: https://patch.msgid.link/20250630151315.86722-2-minhquangbui99@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>

diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index ecd3f46deb5d7004cf6e48218a8cbda80377960a..50ff9a309ddc55ce42548b6b890a0acea4f00402 100644 (file)
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -1147,15 +1147,29 @@ static void check_sq_full_and_disable(struct virtnet_info *vi,
        }
 }
 
+/* Note that @len is the length of received data without virtio header */
 static struct xdp_buff *buf_to_xdp(struct virtnet_info *vi,
-                                  struct receive_queue *rq, void *buf, u32 len)
+                                  struct receive_queue *rq, void *buf,
+                                  u32 len, bool first_buf)
 {
        struct xdp_buff *xdp;
        u32 bufsize;
 
        xdp = (struct xdp_buff *)buf;
 
-       bufsize = xsk_pool_get_rx_frame_size(rq->xsk_pool) + vi->hdr_len;
+       /* In virtnet_add_recvbuf_xsk, we use part of XDP_PACKET_HEADROOM for
+        * virtio header and ask the vhost to fill data from
+        *         hard_start + XDP_PACKET_HEADROOM - vi->hdr_len
+        * The first buffer has virtio header so the remaining region for frame
+        * data is
+        *         xsk_pool_get_rx_frame_size()
+        * While other buffers than the first one do not have virtio header, so
+        * the maximum frame data's length can be
+        *         xsk_pool_get_rx_frame_size() + vi->hdr_len
+        */
+       bufsize = xsk_pool_get_rx_frame_size(rq->xsk_pool);
+       if (!first_buf)
+               bufsize += vi->hdr_len;
 
        if (unlikely(len > bufsize)) {
                pr_debug("%s: rx error: len %u exceeds truesize %u\n",
@@ -1280,7 +1294,7 @@ static int xsk_append_merge_buffer(struct virtnet_info *vi,
 
                u64_stats_add(&stats->bytes, len);
 
-               xdp = buf_to_xdp(vi, rq, buf, len);
+               xdp = buf_to_xdp(vi, rq, buf, len, false);
                if (!xdp)
                        goto err;
 
@@ -1378,7 +1392,7 @@ static void virtnet_receive_xsk_buf(struct virtnet_info *vi, struct receive_queu
 
        u64_stats_add(&stats->bytes, len);
 
-       xdp = buf_to_xdp(vi, rq, buf, len);
+       xdp = buf_to_xdp(vi, rq, buf, len, true);
        if (!xdp)
                return;