From: Michael Tokarev <mjt@tls.msk.ru>
To: Linux-kernel <linux-kernel@vger.kernel.org>,
netdev <netdev@vger.kernel.org>
Subject: [Security, resend] Instant crash with rtl8169 and large packets
Date: Mon, 08 Jun 2009 17:25:27 +0400 [thread overview]
Message-ID: <4A2D1147.8020101@msgid.tls.msk.ru> (raw)
[Please excuse me for the resend, --
picked the wrong address for netdev again]
Hello.
This is a resend (sort of) of several months old email.
Previous email about this issue has been mostly ignored.
The situation is very simple: with an RTL8169 (probably
onboard) GigE card which, by default, is configured to
have MTU (maximal transmission unit) to be 1500 bytes,
it's *trivial* to instantly crash the machine by sending
it a *single* packet of size >1500 bytes (provided the
network switch can handle jumbo frames).
I verified with on several different machines - all I were
able to find with this card - and all behaves exactly the
same.
When sending a packet of size, say, 3000 bytes (ping -s 3000)
from another machine to a machine running rtl8169 with no
MTU configured, kernel OOPSes.
I captured one such OOPS (unfortunately without the first
line few lines) here:
http://www.corpit.ru/mjt/r8169-mtu-oops.jpg
(since the network goes boom at that time, no network console
is working).
But for anyone familiar with the driver's internals it
should be easy to figure the issue out.
This is, in my opinion, quite a serious issue. And I've no
idea why it is being ignored for several months.
Thanks.
/mjt
next reply other threads:[~2009-06-08 13:25 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-06-08 13:25 Michael Tokarev [this message]
2009-06-08 14:27 ` [Security, resend] Instant crash with rtl8169 and large packets Eric Dumazet
2009-06-08 14:53 ` Michael Tokarev
2009-06-08 15:06 ` Eric Dumazet
2009-06-08 15:37 ` Michael Tokarev
2009-06-08 15:59 ` Eric Dumazet
2009-06-08 16:26 ` Michael Tokarev
2009-06-08 17:30 ` Eric Dumazet
2009-06-08 19:28 ` Michael Tokarev
2009-06-08 19:57 ` Michael Tokarev
2009-06-08 21:17 ` Eric Dumazet
2009-06-08 21:27 ` Michael Tokarev
2009-06-09 11:20 ` Krzysztof Halasa
2009-06-08 22:02 ` Francois Romieu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A2D1147.8020101@msgid.tls.msk.ru \
--to=mjt@tls.msk.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).