lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20090720093134.GE11392@1wt.eu>
Date:	Mon, 20 Jul 2009 11:31:34 +0200
From:	Willy Tarreau <w@....eu>
To:	Michael Tokarev <mjt@....msk.ru>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: Linux 2.4.37.3

On Mon, Jul 20, 2009 at 11:48:00AM +0400, Michael Tokarev wrote:
> Willy Tarreau wrote:
> >Linux 2.4.37.3 has just been released.
> []
> >The second major issue concerns the r8169 driver. Approximately one
> >month ago was revealed an issue with this driver, causing kernel
> >panics and possibly more if too large frames were sent to the chip
> >(CVE-2009-1389). 2.4 was not affected by the bug, but showed the
> >same symptoms. It turned out that there were multiple issues with
> >the setting of RX descriptors after reuse, and some recent 2.6
> >fixes allowing automatic recovery were missing. So after two long
> >days trying to figure out why that damn chip insisted in writing
> >more bytes than allowed (and crashing my box), I could spot and
> >fix the issues.
> >
> >If there are 2.4 users with this cheap NIC, I strongly suggest that
> >they upgrade, especially if they're used to encounter freezes or
> >lack of network connectivity once in a while ; for others, well, do
> >not buy that NIC.
> 
> The thing is that this very nic is used on-board on vast majority of
> mainboards, at least in cheap- to mid-range price, for amd and intel
> processors.  Also many notebooks use this chip series.  Several months
> ago I were shopping for a mainboard with certain characteristics (I
> needed 3 PCI ports and a way to plug some monitor, and support for 4
> ECC DIMMs and recent Phenom processors) - it was difficult to find such
> a combination alone, without additional constrains for !r8169 chip
> (I finally bought Asus M3A-H/HDMI mobo with atl1 NIC, just by a chance).

Yes I know that too. It took me some time to try to find a mainboard
without this chip. Gigabyte puts it everywhere, which is the *only*
reason I avoid their mainboards, which I find nice and reliable otherwise.
It's not acceptable to have such a crap on a $200 mainboard, that's not
the proper way to kill costs, as it costs one PCIe slot for the end user
to have decent network connectivity.

Fortunately we don't find it in servers, but it's often seen on low-end
embedded mainboards which have upgraded from 10/100 (8139) to 1000 (8169).

Willy

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ