| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1548174286.3229.299.camel@codethink.co.uk>
Date: Tue, 22 Jan 2019 16:24:46 +0000
From: Ben Hutchings <ben.hutchings@...ethink.co.uk>
To: "David S. Miller" <davem@...emloft.net>
Cc: netdev <netdev@...r.kernel.org>, Daniel Axtens <dja@...ens.net>,
Eric Dumazet <edumazet@...gle.com>
Subject: GSO where gso_size is too big for hardware
Last year you applied these fixes for a potential denial-of-service in
the bnx2x driver:
commit 2b16f048729bf35e6c28a40cbfad07239f9dcd90
Author: Daniel Axtens <dja@...ens.net>
Date: Wed Jan 31 14:15:33 2018 +1100
net: create skb_gso_validate_mac_len()
commit 8914a595110a6eca69a5e275b323f5d09e18f4f9
Author: Daniel Axtens <dja@...ens.net>
Date: Wed Jan 31 14:15:34 2018 +1100
bnx2x: disable GSO where gso_size is too big for hardware
However I don't understand why the check is done only in the bnx2x
driver. Shouldn't the networking core ensure that gso_size + L3/L4
headers is <= the device MTU? If not, is every driver that does TSO
expected to check this?
Also, should these fixes go to stable? I'm not sure whether you're
still handling stable patches for any of the unfixed versions (< 4.16)
now.
Ben.
--
Ben Hutchings, Software Developer Codethink Ltd
https://www.codethink.co.uk/ Dale House, 35 Dale Street
Manchester, M1 2HF, United Kingdom
Powered by blists - more mailing lists