RE: [PATCH net 2/2] r8152: rx descriptor check

From: Hayes Wang
Date: Mon Nov 14 2016 - 01:44:17 EST

Next message: Shawn Guo: "Re: [PATCH] i.MX: Kconfig: Drop errata 769419 for Vybrid"
Previous message: Shawn Guo: "Re: [PATCH] ARM: dts: imx7d-pinfunc: fix UART pinmux defines"
In reply to: Mark Lord: "Re: [PATCH net 2/2] r8152: rx descriptor check"
Next in thread: Francois Romieu: "Re: [PATCH net 2/2] r8152: rx descriptor check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Francois Romieu [mailto:romieu@xxxxxxxxxxxxx]
> Sent: Friday, November 11, 2016 8:13 PM
[...]
> Invalid packet size corrupted receive descriptors in Realtek's device
> reminds of CVE-2009-4537.

Do you mean that the driver would get a packet exceed the size
which is set to RxMaxSize? I check it with our hw engineers.
They don't get any issue about RxMaxSize. And their test for
RxMaxSize register is fine.

> Is the silicium of both devices different enough to prevent the same
> exploit to happen ?

For this case, I don't think the device provide a invalid value
for the receive descriptors. However, the driver sees a different
value. That is why I say the memory is unbelievable.

Best Regards,
Hayes

Next message: Shawn Guo: "Re: [PATCH] i.MX: Kconfig: Drop errata 769419 for Vybrid"
Previous message: Shawn Guo: "Re: [PATCH] ARM: dts: imx7d-pinfunc: fix UART pinmux defines"
In reply to: Mark Lord: "Re: [PATCH net 2/2] r8152: rx descriptor check"
Next in thread: Francois Romieu: "Re: [PATCH net 2/2] r8152: rx descriptor check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]