usbnet: limit max_mtu based on device's hard_mtu #7203
+6
−3
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This backport of https://git.kernel.org/netdev/net/c/c7159e960f14 will allow running Raspberry Pi OS kernel in QEMU using passt usb networking, without requiring throttling. The initial problem is described at https://gitlab.com/qemu-project/qemu/-/issues/3268 and https://bugs.passt.top/attachment.cgi?bugid=189. ----- From: Laurent Vivier <lvivier@redhat.com> Date: Mon, 19 Jan 2026 08:55:18 +0100 The usbnet driver initializes net->max_mtu to ETH_MAX_MTU before calling the device's bind() callback. When the bind() callback sets dev->hard_mtu based the device's actual capability (from CDC Ethernet's wMaxSegmentSize descriptor), max_mtu is never updated to reflect this hardware limitation). This allows userspace (DHCP or IPv6 RA) to configure MTU larger than the device can handle, leading to silent packet drops when the backend sends packet exceeding the device's buffer size. Fix this by limiting net->max_mtu to the device's hard_mtu after the bind callback returns. See https://gitlab.com/qemu-project/qemu/-/issues/3268 and https://bugs.passt.top/attachment.cgi?bugid=189 Fixes: f77f0ae ("net: use core MTU range checking in USB NIC drivers") Signed-off-by: Laurent Vivier <lvivier@redhat.com> Link: https://bugs.passt.top/show_bug.cgi?id=189 Reviewed-by: Stefano Brivio <sbrivio@redhat.com> Link: https://patch.msgid.link/20260119075518.2774373-1-lvivier@redhat.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Contributor
|
You're keen - this commit hasn't even hit linux-next yet. Fortunately for you it has a Fixes tag, so I expect it to be automatically back-ported to the LTS branches, including 6.12. If nothing has appeared after a week or two, feel free to add a comment. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This backport of https://git.kernel.org/netdev/net/c/c7159e960f14 will allow running Raspberry Pi OS kernel in QEMU using passt usb networking, without requiring throttling.
The initial problem is described at https://gitlab.com/qemu-project/qemu/-/issues/3268 and https://bugs.passt.top/attachment.cgi?bugid=189.
From: Laurent Vivier <lvivier working in redhat.com>
Date: Mon, 19 Jan 2026 08:55:18 +0100
The usbnet driver initializes net->max_mtu to ETH_MAX_MTU before calling the device's bind() callback. When the bind() callback sets dev->hard_mtu based the device's actual capability (from CDC Ethernet's wMaxSegmentSize descriptor), max_mtu is never updated to reflect this hardware limitation).
This allows userspace (DHCP or IPv6 RA) to configure MTU larger than the device can handle, leading to silent packet drops when the backend sends packet exceeding the device's buffer size.
Fix this by limiting net->max_mtu to the device's hard_mtu after the bind callback returns.
See https://gitlab.com/qemu-project/qemu/-/issues/3268 and
https://bugs.passt.top/attachment.cgi?bugid=189
Fixes: f77f0ae ("net: use core MTU range checking in USB NIC drivers")
Link: https://bugs.passt.top/show_bug.cgi?id=189
Reviewed-by: Stefano Brivio <sbrivio working in redhat.com>
Link: https://patch.msgid.link/20260119075518.2774373-1-lvivier@redhat.com