lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 08 Jun 2009 17:25:27 +0400 From: Michael Tokarev <mjt@....msk.ru> To: Linux-kernel <linux-kernel@...r.kernel.org>, netdev <netdev@...r.kernel.org> Subject: [Security, resend] Instant crash with rtl8169 and large packets [Please excuse me for the resend, -- picked the wrong address for netdev again] Hello. This is a resend (sort of) of several months old email. Previous email about this issue has been mostly ignored. The situation is very simple: with an RTL8169 (probably onboard) GigE card which, by default, is configured to have MTU (maximal transmission unit) to be 1500 bytes, it's *trivial* to instantly crash the machine by sending it a *single* packet of size >1500 bytes (provided the network switch can handle jumbo frames). I verified with on several different machines - all I were able to find with this card - and all behaves exactly the same. When sending a packet of size, say, 3000 bytes (ping -s 3000) from another machine to a machine running rtl8169 with no MTU configured, kernel OOPSes. I captured one such OOPS (unfortunately without the first line few lines) here: http://www.corpit.ru/mjt/r8169-mtu-oops.jpg (since the network goes boom at that time, no network console is working). But for anyone familiar with the driver's internals it should be easy to figure the issue out. This is, in my opinion, quite a serious issue. And I've no idea why it is being ignored for several months. Thanks. /mjt -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists