Commit fac6b82e authored Jul 17, 2025 by Will Deacon Committed by Michael S. Tsirkin Aug 01, 2025

vsock/virtio: Move SKB allocation lower-bound check to callers



virtio_vsock_alloc_linear_skb() checks that the requested size is at
least big enough for the packet header (VIRTIO_VSOCK_SKB_HEADROOM).

Of the three callers of virtio_vsock_alloc_linear_skb(), only
vhost_vsock_alloc_skb() can potentially pass a packet smaller than the
header size and, as it already has a check against the maximum packet
size, extend its bounds checking to consider the minimum packet size
and remove the check from virtio_vsock_alloc_linear_skb().

Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Will Deacon <will@kernel.org>
Message-Id: <20250717090116.11987-7-will@kernel.org>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

parent 2304c64a

drivers/vhost/vsock.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -344,7 +344,8 @@ vhost_vsock_alloc_skb(struct vhost_virtqueue *vq,

		len = iov_length(vq->iov, out);

		if (len > VIRTIO_VSOCK_MAX_PKT_BUF_SIZE + VIRTIO_VSOCK_SKB_HEADROOM)
		if (len < VIRTIO_VSOCK_SKB_HEADROOM \|\|
		len > VIRTIO_VSOCK_MAX_PKT_BUF_SIZE + VIRTIO_VSOCK_SKB_HEADROOM)
		return NULL;

		/* len contains both payload and hdr */

include/linux/virtio_vsock.h

+0 −3

Original line number	Diff line number	Diff line
		@@ -57,9 +57,6 @@ virtio_vsock_alloc_linear_skb(unsigned int size, gfp_t mask)
		{
		struct sk_buff *skb;

		if (size < VIRTIO_VSOCK_SKB_HEADROOM)
		return NULL;

		skb = alloc_skb(size, mask);
		if (!skb)
		return NULL;