| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <51915F77.5000405@broadcom.com>
Date: Mon, 13 May 2013 14:47:35 -0700
From: "Nithin Nayak Sujir" <nsujir@...adcom.com>
To: "Eric Dumazet" <eric.dumazet@...il.com>
cc: davem@...emloft.net, netdev@...r.kernel.org,
"Michael Chan" <mchan@...adcom.com>, stable@...r.kernel.org
Subject: Re: [PATCH v2 net 2/2] tg3: Fix data corruption on 5725 with
TSO
On 05/13/2013 02:40 PM, Eric Dumazet wrote:
> On Mon, 2013-05-13 at 14:34 -0700, Nithin Nayak Sujir wrote:
>>
>> On 05/13/2013 02:14 PM, Eric Dumazet wrote:
>
>>>> +/* Test for TSO DMA buffers that cross into regions which are within MSS bytes
>>>> + * of any 4GB boundaries: 4G, 8G, etc
>>>> + */
>>>> +static inline int tg3_4g_tso_overflow_test(struct tg3 *tp, dma_addr_t mapping,
>>>> + u32 len, u32 mss)
>>>> +{
>>>> + if (tg3_asic_rev(tp) == ASIC_REV_5762 && mss) {
>>>> + u32 base = (u32) mapping & 0xffffffff;
>>>> +
>>>> + return ((base + len + (mss & 0x3fff)) < base);
>>>> + }
>>>> + return 0;
>>>> +}
>>>> +
>>>
>>> I am curious : Does this condition even triggers ?
>>>
>>
>> Yes, it's a rare problem to occur and was reported in our lab. After we
>> implemented this fix, the problem didn't happen again.
>>
>
> I just cant figure out which part of the kernel could allocate a
> fragment spanning a 4G region.
>
For the bug to occur, the fragment does not have to span a 4G boundary. If it is
within MSS bytes (9.6k) of a 4G boundary, it triggers the failure.
>
>
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists