Re: [PATCHv2] ibmveth: Fix off-by-one error in ibmveth_change_mtu()

From: Tyrel Datwyler
Date: Thu Apr 23 2015 - 19:13:01 EST

Next message: Dmitry Tunin: "[PATCH] psmouse - focaltech pass finger width to userspace"
Previous message: Ming Lin: "[PATCH v3 2/4] md/raid10: make sync_request_write() call bio_copy_data()"
In reply to: Thomas Falcon: "Re: [PATCHv2] ibmveth: Fix off-by-one error in ibmveth_change_mtu()"
Next in thread: David Gibson: "[PATCHv2] ibmveth: Fix off-by-one error in ibmveth_change_mtu()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 04/22/2015 02:42 PM, Thomas Falcon wrote:
> On 04/20/2015 08:07 PM, David Gibson wrote:
>> AFAIK the PAPR document which defines the virtual device interface used by
>> the ibmveth driver doesn't specify a specific maximum MTU. So, in the

PAPR itself doesn't, but the max-frame-size property, which I understand
to be synonymous with max MTU, is required by PAPR to be present in the
Logical LAN OF node corresponding to the ibmveth device.

-Tyrel

>> ibmveth driver, the maximum allowed MTU is determined by the maximum
>> allocated buffer size of 64k (corresponding to one page in the common case)
>> minus the per-buffer overhead IBMVETH_BUFF_OH (which has value 22 for 14
>> bytes of ethernet header, plus 8 bytes for an opaque handle).
>>
>> This suggests a maximum allowable MTU of 65514 bytes, but in fact the
>> driver only permits a maximum MTU of 65513. This is because there is a <
>> instead of an <= in ibmveth_change_mtu(), which only permits an MTU which
>> is strictly smaller than the buffer size, rather than allowing the buffer
>> to be completely filled.
>>
>> This patch fixes the buglet.
>
> Thanks!
>
> Acked-by: Thomas Falcon <tlfalcon@xxxxxxxxxxxxxxxxxx>
>
>>
>> Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>1
>> ---
>> drivers/net/ethernet/ibm/ibmveth.c | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> Changes since v1:
>> * Fixed a second instance of the same off-by-one error. Thanks to
>> Thomas Falcon for spotting this.
>>
>> diff --git a/drivers/net/ethernet/ibm/ibmveth.c b/drivers/net/ethernet/ibm/ibmveth.c
>> index cd7675a..1813476 100644
>> --- a/drivers/net/ethernet/ibm/ibmveth.c
>> +++ b/drivers/net/ethernet/ibm/ibmveth.c
>> @@ -1238,7 +1238,7 @@ static int ibmveth_change_mtu(struct net_device *dev, int new_mtu)
>> return -EINVAL;
>>
>> for (i = 0; i < IBMVETH_NUM_BUFF_POOLS; i++)
>> - if (new_mtu_oh < adapter->rx_buff_pool[i].buff_size)
>> + if (new_mtu_oh <= adapter->rx_buff_pool[i].buff_size)
>> break;
>>
>> if (i == IBMVETH_NUM_BUFF_POOLS)
>> @@ -1257,7 +1257,7 @@ static int ibmveth_change_mtu(struct net_device *dev, int new_mtu)
>> for (i = 0; i < IBMVETH_NUM_BUFF_POOLS; i++) {
>> adapter->rx_buff_pool[i].active = 1;
>>
>> - if (new_mtu_oh < adapter->rx_buff_pool[i].buff_size) {
>> + if (new_mtu_oh <= adapter->rx_buff_pool[i].buff_size) {
>> dev->mtu = new_mtu;
>> vio_cmo_set_dev_desired(viodev,
>> ibmveth_get_desired_dma
>
> _______________________________________________
> Linuxppc-dev mailing list
> Linuxppc-dev@xxxxxxxxxxxxxxxx
> https://lists.ozlabs.org/listinfo/linuxppc-dev
>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dmitry Tunin: "[PATCH] psmouse - focaltech pass finger width to userspace"
Previous message: Ming Lin: "[PATCH v3 2/4] md/raid10: make sync_request_write() call bio_copy_data()"
In reply to: Thomas Falcon: "Re: [PATCHv2] ibmveth: Fix off-by-one error in ibmveth_change_mtu()"
Next in thread: David Gibson: "[PATCHv2] ibmveth: Fix off-by-one error in ibmveth_change_mtu()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]