lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20221012134558.79737-1-saproj@gmail.com>
Date:   Wed, 12 Oct 2022 16:45:58 +0300
From:   Sergei Antonov <saproj@...il.com>
To:     netdev@...r.kernel.org
Cc:     davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
        pabeni@...hat.com, Sergei Antonov <saproj@...il.com>
Subject: [PATCH net] net: ftmac100: do not reject packets bigger than 1514

Dispite datasheet [1] saying the controller should allow incoming
packets of length >=1518, it only allows packets of length <=1514.

Since 1518 is a standard Ethernet maximum frame size, and it can
easily be encountered (in SSH for example), fix this behaviour:

* Set FTMAC100_MACCR_RX_FTL in the MAC Control Register.
* Check for packet size > 1518 in ftmac100_rx_packet_error().

[1]
https://bitbucket.org/Kasreyn/mkrom-uc7112lx/src/master/documents/FIC8120_DS_v1.2.pdf

Fixes: 8d77c036b57c ("net: add Faraday FTMAC100 10/100 Ethernet driver")
Signed-off-by: Sergei Antonov <saproj@...il.com>
---
 drivers/net/ethernet/faraday/ftmac100.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/faraday/ftmac100.c b/drivers/net/ethernet/faraday/ftmac100.c
index d95d78230828..34d0284079ff 100644
--- a/drivers/net/ethernet/faraday/ftmac100.c
+++ b/drivers/net/ethernet/faraday/ftmac100.c
@@ -154,6 +154,7 @@ static void ftmac100_set_mac(struct ftmac100 *priv, const unsigned char *mac)
 				 FTMAC100_MACCR_CRC_APD	| \
 				 FTMAC100_MACCR_FULLDUP	| \
 				 FTMAC100_MACCR_RX_RUNT	| \
+				 FTMAC100_MACCR_RX_FTL	| \
 				 FTMAC100_MACCR_RX_BROADPKT)
 
 static int ftmac100_start_hw(struct ftmac100 *priv)
@@ -320,6 +321,7 @@ static bool ftmac100_rx_packet_error(struct ftmac100 *priv,
 {
 	struct net_device *netdev = priv->netdev;
 	bool error = false;
+	const unsigned int length = ftmac100_rxdes_frame_length(rxdes);
 
 	if (unlikely(ftmac100_rxdes_rx_error(rxdes))) {
 		if (net_ratelimit())
@@ -337,9 +339,16 @@ static bool ftmac100_rx_packet_error(struct ftmac100 *priv,
 		error = true;
 	}
 
-	if (unlikely(ftmac100_rxdes_frame_too_long(rxdes))) {
+	/* The frame-too-long flag 'FTMAC100_RXDES0_FTL' is described in the
+	 * datasheet as: "When set, it indicates that the received packet
+	 * length exceeds 1518 bytes." But testing shows that it is also set
+	 * when packet length is equal to 1518.
+	 * Since 1518 is a standard Ethernet maximum frame size, let it pass
+	 * and only trigger an error when packet length really exceeds it.
+	 */
+	if (unlikely(ftmac100_rxdes_frame_too_long(rxdes) && length > 1518)) {
 		if (net_ratelimit())
-			netdev_info(netdev, "rx frame too long\n");
+			netdev_info(netdev, "rx frame too long (%u)\n", length);
 
 		netdev->stats.rx_length_errors++;
 		error = true;
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ