e1000e: enhance frame fragment detection Originally patched by Neil Horman <nhorman@tuxdriver.com> e1000e could with a jumbo frame enabled interface, and packet split disabled, receive a packet that would overflow a single rx buffer. While in practice very hard to craft a packet that could abuse this, it is possible. this is related to CVE-2009-4538 Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com> CC: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: b94b50289622e816adc9f94111cfc2679c80177c [log] [tgz]
author: Jesse Brandeburg <jesse.brandeburg@intel.com> Tue Jan 19 14:15:59 2010 +0000
committer: David S. Miller <davem@davemloft.net> Wed Jan 20 16:21:23 2010 -0800
tree: 9545a229c7ef2dbdcdc8300fd4d84ff3cafc7808
parent: 40a14deaf411592b57cb0720f0e8004293ab9865 [diff] [blame]
diff --git a/drivers/net/e1000e/e1000.h b/drivers/net/e1000e/e1000.h
index d6ee28f..d236efa 100644
--- a/drivers/net/e1000e/e1000.h
+++ b/drivers/net/e1000e/e1000.h

@@ -421,6 +421,7 @@
 /* CRC Stripping defines */
 #define FLAG2_CRC_STRIPPING               (1 << 0)
 #define FLAG2_HAS_PHY_WAKEUP              (1 << 1)
+#define FLAG2_IS_DISCARDING               (1 << 2)
 
 #define E1000_RX_DESC_PS(R, i)	    \
 	(&(((union e1000_rx_desc_packet_split *)((R).desc))[i]))
commit	b94b50289622e816adc9f94111cfc2679c80177c	[log] [tgz]
author	Jesse Brandeburg <jesse.brandeburg@intel.com>	Tue Jan 19 14:15:59 2010 +0000
committer	David S. Miller <davem@davemloft.net>	Wed Jan 20 16:21:23 2010 -0800
tree	9545a229c7ef2dbdcdc8300fd4d84ff3cafc7808
parent	40a14deaf411592b57cb0720f0e8004293ab9865 [diff] [blame]