vsock/virtio: Move SKB allocation lower-bound check to callers

virtio_vsock_alloc_linear_skb() checks that the requested size is at least big enough for the packet header (VIRTIO_VSOCK_SKB_HEADROOM). Of the three callers of virtio_vsock_alloc_linear_skb(), only vhost_vsock_alloc_skb() can potentially pass a packet smaller than the header size and, as it already has a check against the maximum packet size, extend its bounds checking to consider the minimum packet size and remove the check from virtio_vsock_alloc_linear_skb(). Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Signed-off-by: Will Deacon <will@kernel.org> Message-Id: <20250717090116.11987-7-will@kernel.org> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
author: Will Deacon <will@kernel.org> 2025-07-17 10:01:13 +0100
committer: Michael S. Tsirkin <mst@redhat.com> 2025-08-01 09:11:09 -0400
commit: fac6b82e0f3eaca33c8c67ec401681b21143ae17 (patch)
tree: 0cd114a995d746b84cf606cecccf78a83ce21d45 /drivers/vhost
parent: 2304c64a2866c58534560c63dc6e79d09b8f8d8d (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c
index 1ad96613680e..24b7547b05a6 100644
--- a/drivers/vhost/vsock.c
+++ b/drivers/vhost/vsock.c
@@ -344,7 +344,8 @@ vhost_vsock_alloc_skb(struct vhost_virtqueue *vq,
 
 	len = iov_length(vq->iov, out);
 
-	if (len > VIRTIO_VSOCK_MAX_PKT_BUF_SIZE + VIRTIO_VSOCK_SKB_HEADROOM)
+	if (len < VIRTIO_VSOCK_SKB_HEADROOM ||
+	    len > VIRTIO_VSOCK_MAX_PKT_BUF_SIZE + VIRTIO_VSOCK_SKB_HEADROOM)
 		return NULL;
 
 	/* len contains both payload and hdr */
author	Will Deacon <will@kernel.org>	2025-07-17 10:01:13 +0100
committer	Michael S. Tsirkin <mst@redhat.com>	2025-08-01 09:11:09 -0400
commit	fac6b82e0f3eaca33c8c67ec401681b21143ae17 (patch)
tree	0cd114a995d746b84cf606cecccf78a83ce21d45 /drivers/vhost
parent	2304c64a2866c58534560c63dc6e79d09b8f8d8d (diff)