Re: [PATCH v2 10/10] vhost-user: Centralise Ethernet frame padding in vu_collect() and vu_pad()

10 Apr 2026

On Fri, Apr 03, 2026 at 06:38:11PM +0200, Laurent Vivier wrote:
...
The previous per-protocol padding done by vu_pad() in tcp_vu.c and
udp_vu.c was only correct for single-buffer frames: it assumed the
padding area always fell within the first iov, writing past its end
with a plain memset().
It also required each caller to compute MAX(..., ETH_ZLEN + VNET_HLEN)
for vu_collect() and to call vu_pad() at the right point, duplicating
the minimum-size logic across protocols.
Move the Ethernet minimum size enforcement into vu_collect() itself, so
that enough buffer space is always reserved for padding regardless of
the requested frame size.
Rewrite vu_pad() to take a full iovec array and use iov_memset(),
making it safe for multi-buffer (mergeable rx buffer) frames.
In tcp_vu_sock_recv(), replace iov_truncate() with iov_skip_bytes():
now that all consumers receive explicit data lengths, truncating the
iovecs is no longer needed.  In tcp_vu_data_from_sock(), cap each
frame's data length against the remaining bytes actually received from
the socket, so that the last partial frame gets correct headers and
sequence number advancement.
Signed-off-by: Laurent Vivier 
---
 iov.c       |  1 -
 tcp_vu.c    | 34 ++++++++++++++++++----------------
 udp_vu.c    | 14 ++++++++------
 vu_common.c | 31 +++++++++++++++----------------
 vu_common.h |  2 +-
 5 files changed, 42 insertions(+), 40 deletions(-)

diff --git a/iov.c b/iov.c
index dabc4f1ceea3..28c6d40d2986 100644
--- a/iov.c
+++ b/iov.c
@@ -180,7 +180,6 @@ size_t iov_truncate(struct iovec *iov, size_t iov_cnt, size_t size)
  * 		Will write less than @length bytes if it runs out of space in
  * 		the iov
  */
-/* cppcheck-suppress unusedFunction */
 void iov_memset(const struct iovec *iov, size_t iov_cnt, size_t offset, int c,
      size_t length)
 {
diff --git a/tcp_vu.c b/tcp_vu.c
index 8c1894dca7fe..2dfe14485eee 100644
--- a/tcp_vu.c
+++ b/tcp_vu.c
@@ -88,7 +88,7 @@ int tcp_vu_send_flag(const struct ctx *c, struct tcp_tap_conn *conn, int flags)
elem_cnt = vu_collect(vdev, vq, &flags_elem[0], 1,
      	      &flags_iov[0], 1, NULL,
-			      MAX(hdrlen + sizeof(*opts), ETH_ZLEN + VNET_HLEN), NULL);
+			      hdrlen + sizeof(*opts), NULL);
  if (elem_cnt != 1)
      return -1;
@@ -128,8 +128,6 @@ int tcp_vu_send_flag(const struct ctx *c, struct tcp_tap_conn *conn, int flags)
      return ret;
  }
-	l2len = hdrlen + optlen - VNET_HLEN;
-	iov_truncate(&flags_iov[0], 1, l2len + VNET_HLEN);
  payload = IOV_TAIL(flags_elem[0].in_sg, 1, hdrlen);
if (flags & KEEPALIVE)
@@ -138,17 +136,17 @@ int tcp_vu_send_flag(const struct ctx *c, struct tcp_tap_conn *conn, int flags)
  tcp_fill_headers(c, conn, eh, ip4h, ip6h, th, &payload,
      	 optlen, NULL, seq, !*c->pcap);
-	vu_pad(&flags_elem[0].in_sg[0], l2len);
-
+	vu_pad(flags_elem[0].in_sg, 1, hdrlen + optlen);
Is there a reason not to fold vu_pad() into vu_flush()?
...
vu_flush(vdev, vq, flags_elem, 1, hdrlen + optlen);
+	l2len = hdrlen + optlen - VNET_HLEN;
  if (*c->pcap)
      pcap_iov(&flags_elem[0].in_sg[0], 1, VNET_HLEN, l2len);
if (flags & DUP_ACK) {
      elem_cnt = vu_collect(vdev, vq, &flags_elem[1], 1,
      		      &flags_iov[1], 1, NULL,
-				      flags_elem[0].in_sg[0].iov_len, NULL);
+				      hdrlen + optlen, NULL);
      if (elem_cnt == 1 &&
          flags_elem[1].in_sg[0].iov_len >=
          flags_elem[0].in_sg[0].iov_len) {
@@ -213,7 +211,7 @@ static ssize_t tcp_vu_sock_recv(const struct ctx *c, struct vu_virtq *vq,
      		 ARRAY_SIZE(elem) - elem_cnt,
      		 &iov_vu[DISCARD_IOV_NUM + iov_used],
      		 VIRTQUEUE_MAX_SIZE - iov_used, &in_total,
-				 MAX(MIN(mss, fillsize) + hdrlen, ETH_ZLEN + VNET_HLEN),
+				 MIN(mss, fillsize) + hdrlen,
      		 &frame_size);
      if (cnt == 0)
      	break;
@@ -249,8 +247,11 @@ static ssize_t tcp_vu_sock_recv(const struct ctx *c, struct vu_virtq *vq,
  if (!peek_offset_cap)
      ret -= already_sent;
-	/* adjust iov number and length of the last iov */
-	i = iov_truncate(&iov_vu[DISCARD_IOV_NUM], iov_used, ret);
+	i = iov_skip_bytes(&iov_vu[DISCARD_IOV_NUM], iov_used,
+			   MAX(hdrlen + ret, VNET_HLEN + ETH_ZLEN),
+			   NULL);
+	if ((size_t)i < iov_used)
+		i++;
/* adjust head count */
  while (*head_cnt > 0 && head[*head_cnt - 1] >= i)
@@ -447,11 +448,13 @@ int tcp_vu_data_from_sock(const struct ctx *c, struct tcp_tap_conn *conn)
      size_t frame_size = iov_size(iov, buf_cnt);
      bool push = i == head_cnt - 1;
      ssize_t dlen;
-		size_t l2len;
assert(frame_size >= hdrlen);
dlen = frame_size - hdrlen;
+		if (dlen > len)
+			dlen = len;
+		len -= dlen;
/* The IPv4 header checksum varies only with dlen */
      if (previous_dlen != dlen)
@@ -460,14 +463,13 @@ int tcp_vu_data_from_sock(const struct ctx *c, struct tcp_tap_conn *conn)
tcp_vu_prepare(c, conn, iov, buf_cnt, dlen, &check, !*c->pcap, push);
-		/* Pad first/single buffer only, it's at least ETH_ZLEN long */
-		l2len = dlen + hdrlen - VNET_HLEN;
-		vu_pad(iov, l2len);
-
+		vu_pad(elem[head[i]].in_sg, buf_cnt, dlen + hdrlen);
      vu_flush(vdev, vq, &elem[head[i]], buf_cnt, dlen + hdrlen);
-		if (*c->pcap)
-			pcap_iov(iov, buf_cnt, VNET_HLEN, l2len);
+		if (*c->pcap) {
+			pcap_iov(iov, buf_cnt, VNET_HLEN,
+				 dlen + hdrlen - VNET_HLEN);
+		}
conn->seq_to_tap += dlen;
  }
diff --git a/udp_vu.c b/udp_vu.c
index 4641f42eb5c4..30af64034516 100644
--- a/udp_vu.c
+++ b/udp_vu.c
@@ -65,7 +65,7 @@ static size_t udp_vu_hdrlen(bool v6)
 static ssize_t udp_vu_sock_recv(struct iovec *iov, size_t *cnt, int s, bool v6)
 {
  struct msghdr msg  = { 0 };
-	size_t hdrlen, l2len;
+	size_t hdrlen, iov_used;
  ssize_t dlen;
/* compute L2 header length */
@@ -88,11 +88,12 @@ static ssize_t udp_vu_sock_recv(struct iovec *iov, size_t *cnt, int s, bool v6)
  iov[0].iov_base = (char *)iov[0].iov_base - hdrlen;
  iov[0].iov_len += hdrlen;
-	*cnt = iov_truncate(iov, *cnt, dlen + hdrlen);
-
-	/* pad frame to 60 bytes: first buffer is at least ETH_ZLEN long */
-	l2len = dlen + hdrlen - VNET_HLEN;
-	vu_pad(&iov[0], l2len);
+	iov_used = iov_skip_bytes(iov, *cnt,
+				  MAX(dlen + hdrlen, VNET_HLEN + ETH_ZLEN),
+				  NULL);
+	if (iov_used < *cnt)
+		iov_used++;
+	*cnt = iov_used; /* one iovec per element */
return dlen;
 }
@@ -234,6 +235,7 @@ void udp_vu_sock_to_tap(const struct ctx *c, int s, int n, flow_sidx_t tosidx)
      		pcap_iov(iov_vu, iov_cnt, VNET_HLEN,
      			 hdrlen + dlen - VNET_HLEN);
      	}
+			vu_pad(iov_vu, iov_cnt, hdrlen + dlen);
      	vu_flush(vdev, vq, elem, elem_used, hdrlen + dlen);
      	vu_queue_notify(vdev, vq);
      }
diff --git a/vu_common.c b/vu_common.c
index 704e908aa02c..d07f584f228a 100644
--- a/vu_common.c
+++ b/vu_common.c
@@ -74,6 +74,7 @@ int vu_collect(const struct vu_dev *vdev, struct vu_virtq *vq,
  size_t current_iov = 0;
  int elem_cnt = 0;
+	size = MAX(size, ETH_ZLEN /* Ethernet minimum size */ + VNET_HLEN);
  while (current_size < size && elem_cnt < max_elem &&
         current_iov < max_in_sg) {
      int ret;
@@ -261,29 +262,27 @@ int vu_send_single(const struct ctx *c, const void *buf, size_t size)
      return -1;
  }
-	size += VNET_HLEN;
  elem_cnt = vu_collect(vdev, vq, elem, ARRAY_SIZE(elem), in_sg,
-			      ARRAY_SIZE(in_sg), &in_total, size, &total);
-	if (elem_cnt == 0 || total < size) {
+			      ARRAY_SIZE(in_sg), &in_total, VNET_HLEN + size, &total);
+	if (elem_cnt == 0 || total < VNET_HLEN + size) {
      debug("vu_send_single: no space to send the data "
            "elem_cnt %d size %zu", elem_cnt, total);
      goto err;
  }
-	total -= VNET_HLEN;
-
  /* copy data from the buffer to the iovec */
-	iov_from_buf(in_sg, in_total, VNET_HLEN, buf, total);
+	iov_from_buf(in_sg, in_total, VNET_HLEN, buf, size);
if (*c->pcap)
      pcap_iov(in_sg, in_total, VNET_HLEN, size);
+	vu_pad(in_sg, in_total, VNET_HLEN + size);
  vu_flush(vdev, vq, elem, elem_cnt, VNET_HLEN + size);
  vu_queue_notify(vdev, vq);
-	trace("vhost-user sent %zu", total);
+	trace("vhost-user sent %zu", size);
-	return total;
+	return size;
 err:
  for (i = 0; i < elem_cnt; i++)
      vu_queue_detach_element(vq);
@@ -292,15 +291,15 @@ err:
 }
/**
- * vu_pad() - Pad 802.3 frame to minimum length (60 bytes) if needed
- * @iov:	Buffer in iovec array where end of 802.3 frame is stored
- * @l2len:	Layer-2 length already filled in frame
+ * vu_pad() - Pad short frames to minimum Ethernet length and truncate iovec
+ * @iov:	Pointer to iovec array
+ * @cnt:	Number of entries in @iov
+ * @frame_len:	Data length in @iov (including virtio-net header)
  */
-void vu_pad(struct iovec *iov, size_t l2len)
+void vu_pad(const struct iovec *iov, size_t cnt, size_t frame_len)
 {
-	if (l2len >= ETH_ZLEN)
-		return;
+	size_t min_frame_len = ETH_ZLEN + VNET_HLEN;
-	memset((char *)iov->iov_base + iov->iov_len, 0, ETH_ZLEN - l2len);
-	iov->iov_len += ETH_ZLEN - l2len;
+	if (frame_len < min_frame_len)
+		iov_memset(iov, cnt, frame_len, 0, min_frame_len - frame_len);
 }
diff --git a/vu_common.h b/vu_common.h
index 77d1849e6115..51f70084a7cb 100644
--- a/vu_common.h
+++ b/vu_common.h
@@ -44,6 +44,6 @@ void vu_flush(const struct vu_dev *vdev, struct vu_virtq *vq,
 void vu_kick_cb(struct vu_dev *vdev, union epoll_ref ref,
      const struct timespec *now);
 int vu_send_single(const struct ctx *c, const void *buf, size_t size);
-void vu_pad(struct iovec *iov, size_t l2len);
+void vu_pad(const struct iovec *iov, size_t cnt, size_t frame_len);
#endif /* VU_COMMON_H */
-- 
2.53.0
-- 
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

    