lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20260114231922.6b41e9ed@elisabeth>
Date: Wed, 14 Jan 2026 23:19:22 +0100
From: Stefano Brivio <sbrivio@...hat.com>
To: Laurent Vivier <lvivier@...hat.com>
Cc: linux-kernel@...r.kernel.org, netdev@...r.kernel.org, Oliver Neukum
 <oneukum@...e.com>, linux-usb@...r.kernel.org
Subject: Re: [PATCH] usbnet: limit max_mtu based on device's hard_mtu

On Wed, 14 Jan 2026 10:03:17 +0100
Laurent Vivier <lvivier@...hat.com> wrote:

> The usbnet driver initializes net->max_mtu to ETH_MAX_MTU before calling
> the device's bind() callback. When the bind() callback sets
> dev->hard_mtu based the device's actual capability (from CDC Ethernet's
> wMaxSegmentSize descriptor), max_mtu is never updated to reflect this
> hardware limitation).
> 
> This allows userspace (DHCP or IPv6 RA) to configure MTU larger than the
> device can handle, leading to silent packet drops when the backend sends
> packet exceeding the device's buffer size.
> 
> Fix this by limiting net->max_mtu to the device's hard_mtu after the
> bind callback returns.
> 
> See https://gitlab.com/qemu-project/qemu/-/issues/3268 and
>     https://bugs.passt.top/attachment.cgi?bugid=189
> 
> Signed-off-by: Laurent Vivier <lvivier@...hat.com>

Thanks for fixing this!

Link: https://bugs.passt.top/show_bug.cgi?id=189
Reviewed-by: Stefano Brivio <sbrivio@...hat.com>

-- 
Stefano

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ