| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CACRpkdZaFn8QsfS9m5w0Eq8sRc9-zoopGHXp9Lu1aJzkKRhB9g@mail.gmail.com>
Date: Wed, 15 May 2024 21:43:38 +0200
From: Linus Walleij <linus.walleij@...aro.org>
To: Eric Dumazet <edumazet@...gle.com>
Cc: Hans Ulli Kroll <ulli.kroll@...glemail.com>, "David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Andrew Lunn <andrew@...n.ch>,
netdev@...r.kernel.org
Subject: Re: [PATCH net-next v3 1/5] net: ethernet: cortina: Restore TSO support
On Tue, May 14, 2024 at 11:11 PM Linus Walleij <linus.walleij@...aro.org> wrote:
> On Tue, May 14, 2024 at 11:13 AM Eric Dumazet <edumazet@...gle.com> wrote:
> > On Mon, May 13, 2024 at 3:38 PM Linus Walleij <linus.walleij@...aro.org> wrote:
>
> > > + mss += skb_tcp_all_headers(skb);
> > > + netdev_dbg(netdev, "segment offloading mss = %04x len=%04x\n",
> > > + mss, skb->len);
> > > + word1 |= TSS_MTU_ENABLE_BIT;
> > > + word3 |= mss;
> > > + } else if (skb->len >= ETH_FRAME_LEN) {
> >
> > Note that this code path should be dead, because the upper layers
> > should drop the packets before reaching this point.
> > I wonder how you have tested it.
>
> It's actually easy to provoke with UDP jumboframes.
Oh and it also happens with TCP. This is when TSO is not used, but
the packet goes into a DSA switch and you transmit
a maximum sized TCP packet. The DSA tagging code will add
some bytes of tag to the frame making it exceed ETH_FRAME_LEN,
and this will crash the HW checksumming engine.
This was how I found the original bugs in the driver...
Yours,
Linus Walleij
Powered by blists - more mailing lists