From: Ben Hutchings <ben@decadent.org.uk>
To: Neil Horman <nhorman@tuxdriver.com>
Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
michael.s.gilbert@gmail.com, davem@davemeloft.net,
romieu@fr.zoreil.com, eric.dumazet@gmail.com
Subject: Re: [PATCH] r8169: offical fix for CVE-2009-4537 (overlength frame DMAs)
Date: Mon, 29 Mar 2010 23:01:45 +0100 [thread overview]
Message-ID: <1269900105.8653.389.camel@localhost> (raw)
In-Reply-To: <20100329160356.GC22733@hmsreliant.think-freely.org>
[-- Attachment #1: Type: text/plain, Size: 1480 bytes --]
On Mon, 2010-03-29 at 12:03 -0400, Neil Horman wrote:
> Official patch to fix the r8169 frame length check error.
>
> Based on this initial thread:
> http://marc.info/?l=linux-netdev&m=126202972828626&w=1
> This is the official patch to fix the frame length problems in the r8169
> driver. As noted in the previous thread, while this patch incurs a performance
> hit on the driver, its possible to improve performance dynamically by updating
> the mtu and rx_copybreak values at runtime to return performance to what it was
> for those NICS which are unaffected by the ideosyncracy (if there are any).
[...]
I have to say that this compromise behaviour is highly non-obvious.
Further, there is now no way to set a non-standard MTU without enabling
the insecure behaviour. (This is in part a flaw in the driver
interface, of course. We should have an interface to get and set MRU
rather than making drivers decide an MRU based on the MTU,
inconsistently and without any visibility to the administrator.)
It also sucks that the secure but low-performance behaviour is enabled
for all variants, while AIUI only some suffer from the bug. I realise
you probably don't have access to every variant (and neither does
Francois) but perhaps you could come up with a test case that could be
used to start whitelisting common variants that don't have the bug?
Ben.
--
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 828 bytes --]
next prev parent reply other threads:[~2010-03-29 22:01 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-29 16:03 [PATCH] r8169: offical fix for CVE-2009-4537 (overlength frame DMAs) Neil Horman
2010-03-29 20:17 ` David Miller
2010-03-29 22:01 ` Ben Hutchings [this message]
2010-03-29 22:09 ` David Miller
2010-03-29 22:21 ` Ben Hutchings
2010-03-29 23:44 ` Neil Horman
2010-04-01 0:24 ` Brandon Philips
2010-04-01 1:07 ` Neil Horman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1269900105.8653.389.camel@localhost \
--to=ben@decadent.org.uk \
--cc=davem@davemeloft.net \
--cc=eric.dumazet@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.s.gilbert@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
--cc=romieu@fr.zoreil.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).