Re: [PATCH net 1/2] vsock/virtio: fix length and offset in tap skb for split packets

Fri, 08 May 2026 15:23:58 -0700 

On Fri, May 08, 2026 at 06:44:10PM +0200, Stefano Garzarella wrote:
> From: Stefano Garzarella <[email protected]>
> 
> virtio_transport_build_skb() builds a new skb to be delivered to the
> vsockmon tap device. To build the new skb, it uses the original skb
> data length as payload length, but as the comment notes, the original
> packet stored in the skb may have been split in multiple packets, so we
> need to use the length in the header, which is correctly updated before
> the packet is delivered to the tap, and the offset for the data.
> 
> This was also similar to what we did before commit 71dc9ec9ac7d
> ("virtio/vsock: replace virtio_vsock_pkt with sk_buff") where we probably
> missed something during the skb conversion.
> 
> Also update the comment above, which was left stale by the skb
> conversion and still mentioned a buffer pointer that no longer exists.
> 
> Fixes: 71dc9ec9ac7d ("virtio/vsock: replace virtio_vsock_pkt with sk_buff")
> Signed-off-by: Stefano Garzarella <[email protected]>
> ---
>  net/vmw_vsock/virtio_transport_common.c | 11 ++++++-----
>  1 file changed, 6 insertions(+), 5 deletions(-)
> 
> diff --git a/net/vmw_vsock/virtio_transport_common.c 
> b/net/vmw_vsock/virtio_transport_common.c
> index 9b8014516f4f..a678d5d75704 100644
> --- a/net/vmw_vsock/virtio_transport_common.c
> +++ b/net/vmw_vsock/virtio_transport_common.c
> @@ -166,12 +166,12 @@ static struct sk_buff *virtio_transport_build_skb(void 
> *opaque)
>       struct sk_buff *skb;
>       size_t payload_len;
>  
> -     /* A packet could be split to fit the RX buffer, so we can retrieve
> -      * the payload length from the header and the buffer pointer taking
> -      * care of the offset in the original packet.
> +     /* A packet could be split to fit the RX buffer, so we use
> +      * the payload length from the header, which has been updated
> +      * by the sender to reflect the fragment size.
>        */
>       pkt_hdr = virtio_vsock_hdr(pkt);
> -     payload_len = pkt->len;
> +     payload_len = le32_to_cpu(pkt_hdr->len);
>  
>       skb = alloc_skb(sizeof(*hdr) + sizeof(*pkt_hdr) + payload_len,
>                       GFP_ATOMIC);
> @@ -219,7 +219,8 @@ static struct sk_buff *virtio_transport_build_skb(void 
> *opaque)
>  
>                       virtio_transport_copy_nonlinear_skb(pkt, data, 
> payload_len);
>               } else {
> -                     skb_put_data(skb, pkt->data, payload_len);
> +                     skb_put_data(skb, pkt->data + 
> VIRTIO_VSOCK_SKB_CB(pkt)->offset,
> +                                  payload_len);
>               }
>       }
>  
> -- 
> 2.54.0
> 

Reviewed-by: Bobby Eshleman <[email protected]>

Reply via email to