[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: linux-2.6_2.6.32-48squeeze4 and Bug #701744



On Mon, 2013-09-30 at 20:25 +1000, Kris Shannon wrote:
> I was eagerly awating the release of linux-2.6_2.6.32-48squeeze4
> because it would fix #701744 (fallout from XSA-39: Linux netback DoS
> via malicious guest ring)
> 
> 
> It turns out I should have read the bug report more closely.
> 
>  #701744 was only about the xen-netback side of things.
> 
> 
> I haven't been able to find a debian bug about the REAL bug - the
> xen-netfront gso overflow.
> 
> 
> Upstream have patched this:
> http://git.kernel.org/linus/9ecd1a75d977e2e8c48139c7d3efed183f898d94
> 
> "netfront: reduce gso_max_size to account for max TCP header"
> 
> 
> Is this likely to go into a squeeze kernel?

Maybe.  Ian, is this going to be possible to backport?

> The xen environment I'm running these squeeze VM's in is running on
> CentOS dom0's and Redhat have closed the visible bugs I can find on
> this as "Not a bug" :(

Right, the over-64K skbs are very definitely a netfront bug and it is
correct for dom0 to reject them from an unpatched guest.

As a temporary workaround I think that turning off TSO on netfront would
avoid the problem, but it will reduce network TX performance.

Ben.

-- 
Ben Hutchings
I haven't lost my mind; it's backed up on tape somewhere.

Attachment: signature.asc
Description: This is a digitally signed message part


Reply to: