virtio_net: stricter short buffer length checks

Our buffer length check is not strict enough for mergeable
buffers: buffer can still be shorter that header + address
by 2 bytes.

Fix that up.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>

diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index 516f2cb034b548e5bebc3beccb74e43b6740229f..098f4432afa1b101cd050d45b5bbc5c2a0e81e83 100644 (file)
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -437,7 +437,7 @@ static void receive_buf(struct virtnet_info *vi, struct receive_queue *rq,
        struct sk_buff *skb;
        struct virtio_net_hdr_mrg_rxbuf *hdr;
 
-       if (unlikely(len < sizeof(struct virtio_net_hdr) + ETH_HLEN)) {
+       if (unlikely(len < vi->hdr_len + ETH_HLEN)) {
                pr_debug("%s: short packet %i\n", dev->name, len);
                dev->stats.rx_length_errors++;
                if (vi->mergeable_rx_bufs) {