Re: [PATCH] usbnet: limit max_mtu based on device's hard_mtu

Next message: Bryan O'Donoghue: "Re: [PATCH v3 1/2] media: iris: Document difference in size during allocation"
Previous message: Vladimir Oltean: "Re: [PATCH net-next RFC] net: ethernet: mtk_eth_soc: support using non-MediaTek DSA switches"
In reply to: Laurent Vivier: "[PATCH] usbnet: limit max_mtu based on device's hard_mtu"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Stefano Brivio

Date: Wed Jan 14 2026 - 17:19:30 EST

On Wed, 14 Jan 2026 10:03:17 +0100
Laurent Vivier <lvivier@xxxxxxxxxx> wrote:

> The usbnet driver initializes net->max_mtu to ETH_MAX_MTU before calling
> the device's bind() callback. When the bind() callback sets
> dev->hard_mtu based the device's actual capability (from CDC Ethernet's
> wMaxSegmentSize descriptor), max_mtu is never updated to reflect this
> hardware limitation).
>
> This allows userspace (DHCP or IPv6 RA) to configure MTU larger than the
> device can handle, leading to silent packet drops when the backend sends
> packet exceeding the device's buffer size.
>
> Fix this by limiting net->max_mtu to the device's hard_mtu after the
> bind callback returns.
>
> See https://gitlab.com/qemu-project/qemu/-/issues/3268 and
> https://bugs.passt.top/attachment.cgi?bugid=189
>
> Signed-off-by: Laurent Vivier <lvivier@xxxxxxxxxx>

Thanks for fixing this!

Link: https://bugs.passt.top/show_bug.cgi?id=189
Reviewed-by: Stefano Brivio <sbrivio@xxxxxxxxxx>

--
Stefano