Open Source and information security mailing list archives
 
Date:   Tue, 22 Jan 2019 16:24:46 +0000
From:   Ben Hutchings <ben.hutchings@...ethink.co.uk>
To:     "David S. Miller" <davem@...emloft.net>
Cc:     netdev <netdev@...r.kernel.org>, Daniel Axtens <dja@...ens.net>,
        Eric Dumazet <edumazet@...gle.com>
Subject: GSO where gso_size is too big for hardware

Last year you applied these fixes for a potential denial-of-service in
the bnx2x driver:

commit 2b16f048729bf35e6c28a40cbfad07239f9dcd90
Author: Daniel Axtens <dja@...ens.net>
Date:   Wed Jan 31 14:15:33 2018 +1100

    net: create skb_gso_validate_mac_len()

commit 8914a595110a6eca69a5e275b323f5d09e18f4f9
Author: Daniel Axtens <dja@...ens.net>
Date:   Wed Jan 31 14:15:34 2018 +1100

    bnx2x: disable GSO where gso_size is too big for hardware

However I don't understand why the check is done only in the bnx2x
driver.  Shouldn't the networking core ensure that gso_size + L3/L4
headers is <= the device MTU?  If not, is every driver that does TSO
expected to check this?

Also, should these fixes go to stable?  I'm not sure whether you're
still handling stable patches for any of the unfixed versions (< 4.16)
now.

Ben.

-- 
Ben Hutchings, Software Developer                         Codethink Ltd
https://www.codethink.co.uk/                 Dale House, 35 Dale Street
                                     Manchester, M1 2HF, United Kingdom
