lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 22 Jan 2019 12:02:24 -0500
From:   Willem de Bruijn <willemdebruijn.kernel@...il.com>
To:     Ben Hutchings <ben.hutchings@...ethink.co.uk>
Cc:     "David S. Miller" <davem@...emloft.net>,
        netdev <netdev@...r.kernel.org>, Daniel Axtens <dja@...ens.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Mahesh Bandewar <maheshb@...gle.com>, michael.chan@...adcom.com
Subject: Re: GSO where gso_size is too big for hardware

On Tue, Jan 22, 2019 at 11:24 AM Ben Hutchings
<ben.hutchings@...ethink.co.uk> wrote:
>
> Last year you applied these fixes for a potential denial-of-service in
> the bnx2x driver:
>
> commit 2b16f048729bf35e6c28a40cbfad07239f9dcd90
> Author: Daniel Axtens <dja@...ens.net>
> Date:   Wed Jan 31 14:15:33 2018 +1100
>
>     net: create skb_gso_validate_mac_len()
>
> commit 8914a595110a6eca69a5e275b323f5d09e18f4f9
> Author: Daniel Axtens <dja@...ens.net>
> Date:   Wed Jan 31 14:15:34 2018 +1100
>
>     bnx2x: disable GSO where gso_size is too big for hardware
>
> However I don't understand why the check is done only in the bnx2x
> driver.  Shouldn't the networking core ensure that gso_size + L3/L4
> headers is <= the device MTU?  If not, is every driver that does TSO
> expected to check this?
>
> Also, should these fixes go to stable?  I'm not sure whether you're
> still handling stable patches for any of the unfixed versions (< 4.16)
> now.
>
> Ben.

Irrespective of the GSO issue, this sounds relevant to this other thread

  Stack sends oversize UDP packet to the driver
  https://www.mail-archive.com/netdev@vger.kernel.org/msg279006.html

which discusses a specific cause of larger than MTU packets and its
effect on the bnxt.

Perhaps these patches were initially applied to the bnx2x driver only,
because at the time that was the only nic known to lock up on such
packets? Either way, a device independent validation is indeed
probably preferable (independent of fixing that lo flapping root
cause).

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ