lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20260117153443.6997a8f0@kernel.org>
Date: Sat, 17 Jan 2026 15:34:43 -0800
From: Jakub Kicinski <kuba@...nel.org>
To: Laurent Vivier <lvivier@...hat.com>
Cc: linux-kernel@...r.kernel.org, netdev@...r.kernel.org, Oliver Neukum
 <oneukum@...e.com>, linux-usb@...r.kernel.org
Subject: Re: [PATCH] usbnet: limit max_mtu based on device's hard_mtu

On Wed, 14 Jan 2026 10:03:17 +0100 Laurent Vivier wrote:
> The usbnet driver initializes net->max_mtu to ETH_MAX_MTU before calling
> the device's bind() callback. When the bind() callback sets
> dev->hard_mtu based the device's actual capability (from CDC Ethernet's
> wMaxSegmentSize descriptor), max_mtu is never updated to reflect this
> hardware limitation).
> 
> This allows userspace (DHCP or IPv6 RA) to configure MTU larger than the
> device can handle, leading to silent packet drops when the backend sends
> packet exceeding the device's buffer size.
> 
> Fix this by limiting net->max_mtu to the device's hard_mtu after the
> bind callback returns.

Change looks good, please add Stefano's tags, a Fixes tag pointing at
the oldest commit in the git history where this user-visible issue can
be reproduced (use the first tag in git history if necessary), and
resend. Please mark the commit as [PATCH net v2] when resending.
Start a new thread (don't reply to this one). And one more thing..

> diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c
> index 36742e64cff7..8dbbeb8ce3f8 100644
> --- a/drivers/net/usb/usbnet.c
> +++ b/drivers/net/usb/usbnet.c
> @@ -1821,9 +1821,14 @@ usbnet_probe(struct usb_interface *udev, const struct usb_device_id *prod)
>  		if ((dev->driver_info->flags & FLAG_NOARP) != 0)
>  			net->flags |= IFF_NOARP;
>  
> -		/* maybe the remote can't receive an Ethernet MTU */
> -		if (net->mtu > (dev->hard_mtu - net->hard_header_len))
> -			net->mtu = dev->hard_mtu - net->hard_header_len;
> +		/* limit max_mtu to the device's hard_mtu */

please remove these comments, we can read the code

> +		if (net->max_mtu > (dev->hard_mtu - net->hard_header_len))
> +			net->max_mtu = dev->hard_mtu - net->hard_header_len;
> +
> +		/* limit mtu to max_mtu */

and this one

> +		if (net->mtu > net->max_mtu)
> +			net->mtu = net->max_mtu;
-- 
pw-bot: cr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ