Re: [PATCH] r8169: official fix for CVE-2009-4537 (overlength frame DMAs)

From: Ben Hutchings
Date: Mon Mar 29 2010 - 18:03:18 EST


On Mon, 2010-03-29 at 12:03 -0400, Neil Horman wrote:
> Official patch to fix the r8169 frame length check error.
>
> Based on this initial thread:
> http://marc.info/?l=linux-netdev&m=126202972828626&w=1
> This is the official patch to fix the frame length problems in the r8169
> driver. As noted in the previous thread, while this patch incurs a performance
> hit on the driver, it's possible to improve performance dynamically by updating
> the mtu and rx_copybreak values at runtime to return performance to what it was
> for those NICs which are unaffected by the idiosyncrasy (if there are any).
[...]

I have to say that this compromise behaviour is highly non-obvious.
Further, there is now no way to set a non-standard MTU without enabling
the insecure behaviour. (This is in part a flaw in the driver
interface, of course. We should have an interface to get and set MRU
rather than making drivers decide an MRU based on the MTU,
inconsistently and without any visibility to the administrator.)

It also sucks that the secure but low-performance behaviour is enabled
for all variants, while AIUI only some suffer from the bug. I realise
you probably don't have access to every variant (and neither does
Francois) but perhaps you could come up with a test case that could be
used to start whitelisting common variants that don't have the bug?

Ben.

--
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.
