On Mon, 9 Mar 2026 17:10:18 +0100 Xavier Guillaume <[email protected]> wrote:
> This series fixes two bugs in the af_packet PMD related to frame > size calculations and buffer safety, then enables jumbo frame > support by deriving the advertised capabilities from the actual > TPACKET ring configuration. > > Patch 1 fixes the data size calculation in eth_dev_mtu_set() which > is too restrictive due to TPACKET2_HDRLEN including sizeof(struct > sockaddr_ll) even though the sockaddr_ll does not consume frame > data space. The formula is now consistent with the RX and TX paths. > > Patch 2 adds a bounds check in the RX path to prevent a heap buffer > overflow when the kernel delivers a packet larger than the mbuf data > room (e.g. if the kernel interface MTU is raised externally). > > Patch 3 replaces the static max_rx_pktlen (RTE_ETHER_MAX_LEN) and > adds max_mtu, both derived from the configured TPACKET frame size. > This enables jumbo frame support when the user specifies a larger > framesz devarg at vdev creation time. > > v2: > - patch 2/3: fix Fixes tag to use 12-char SHA (checkpatch warning) > > Xavier Guillaume (3): > net/af_packet: fix MTU set data size calculation > net/af_packet: fix receive buffer overflow > net/af_packet: support jumbo frames > > drivers/net/af_packet/rte_eth_af_packet.c | 17 +++++++++++++++-- > 1 file changed, 15 insertions(+), 2 deletions(-) > Looks good to me, so sent AI off to look at the fine details around MTU. The one observation from me is that the new check for data_size is redundnt and should be removed or turned into RTE_ASSERT() **Patch 1/3 - fix MTU set data size calculation** The sockaddr_ll fix is correct. The formula now matches the Rx and Tx queue setup paths. Good commit message explaining the TPACKET2_HDRLEN decomposition. Minor: now that patch 3 reports max_mtu correctly, the ethdev layer validates mtu <= max_mtu before calling the PMD callback (eth_dev_validate_mtu in rte_ethdev.c). The data_size check here becomes redundant dead code. Consider removing it to keep the driver simple and avoid confusing future readers. **Patch 2/3 - fix receive buffer overflow** Good catch. Real buffer overflow when kernel MTU is raised externally past the TPACKET ring capacity. The tailroom check, frame return to kernel, and dropped counter are all correct. **Patch 3/3 - support jumbo frames** The max_rx_pktlen and max_mtu derivation from the actual TPACKET ring frame size is correct and consistent with the data_size formula in patches 1 and 2.
