| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 Apr 2015 11:42:45 -0400 (EDT) From: David Miller <davem@...emloft.net> To: david@...son.dropbear.id.au Cc: anton@....ibm.com, tlfalcon@...ux.vnet.ibm.com, michael@...erman.id.au, linux-kernel@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org, netdev@...r.kernel.org Subject: Re: [PATCHv2] ibmveth: Fix off-by-one error in ibmveth_change_mtu() From: David Gibson <david@...son.dropbear.id.au> Date: Thu, 23 Apr 2015 14:43:05 +1000 > AFAIK the PAPR document which defines the virtual device interface used by > the ibmveth driver doesn't specify a specific maximum MTU. So, in the > ibmveth driver, the maximum allowed MTU is determined by the maximum > allocated buffer size of 64k (corresponding to one page in the common case) > minus the per-buffer overhead IBMVETH_BUFF_OH (which has value 22 for 14 > bytes of ethernet header, plus 8 bytes for an opaque handle). > > This suggests a maximum allowable MTU of 65514 bytes, but in fact the > driver only permits a maximum MTU of 65513. This is because there is a < > instead of an <= in ibmveth_change_mtu(), which only permits an MTU which > is strictly smaller than the buffer size, rather than allowing the buffer > to be completely filled. > > This patch fixes the buglet. > > Signed-off-by: David Gibson <david@...son.dropbear.id.au> > Acked-by: Thomas Falcon <tlfalcon@...ux.vnet.ibm.com> Applied, thank you. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists