Commit 9926146b authored by Jesse Brandeburg's avatar Jesse Brandeburg Committed by David S. Miller
Browse files

e1000/e1000e: don't use small hardware rx buffers 



When testing the "e1000: enhance frame fragment detection" (and e1000e)
patches we found some bugs with reducing the MTU size.  The 1024 byte
descriptor used with the 1000 mtu test also (re) introduced the
(originally) reported bug, and causes us to need the e1000_clean_tx_irq
"enhance frame fragment detection" fix.

So what has occured here is that 2.6.32 is only vulnerable for mtu <
1500 due to the jumbo specific routines in both e1000 and e1000e.
So, 2.6.32 needs the 2kB buffer len fix for those smaller MTUs, but
is not vulnerable to the original issue reported.  It has been pointed
out that this vulnerability needs to be patched in older kernels that
don't have the e1000 jumbo routine.  Without the jumbo routines, we
need the "enhance frame fragment detection" fix the e1000, old
e1000e is only vulnerable for < 1500 mtu, and needs a similar
fix.  We split the patches up to provide easy backport paths.

There is only a slight bit of extra code when this fix and the
original "enhance frame fragment detection" fixes are applied, so
please apply both, even though it is a bit of overkill.

Signed-off-by: default avatarJesse Brandeburg <jesse.brandeburg@intel.com>
Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 33d7959a

drivers/net/e1000/e1000_main.c

+1 −19
Original line number Diff line number Diff line
@@ -1698,18 +1698,6 @@ static void e1000_setup_rctl(struct e1000_adapter *adapter) 
	rctl &= ~E1000_RCTL_SZ_4096;

	rctl |= E1000_RCTL_BSEX;

	switch (adapter->rx_buffer_len) {

		case E1000_RXBUFFER_256:

			rctl |= E1000_RCTL_SZ_256;

			rctl &= ~E1000_RCTL_BSEX;

			break;

		case E1000_RXBUFFER_512:

			rctl |= E1000_RCTL_SZ_512;

			rctl &= ~E1000_RCTL_BSEX;

			break;

		case E1000_RXBUFFER_1024:

			rctl |= E1000_RCTL_SZ_1024;

			rctl &= ~E1000_RCTL_BSEX;

			break;

		case E1000_RXBUFFER_2048:

		default:

			rctl |= E1000_RCTL_SZ_2048;
@@ -3176,13 +3164,7 @@ static int e1000_change_mtu(struct net_device *netdev, int new_mtu) 
	 *  however with the new *_jumbo_rx* routines, jumbo receives will use

	 *  fragmented skbs */



	if (max_frame <= E1000_RXBUFFER_256)

		adapter->rx_buffer_len = E1000_RXBUFFER_256;

	else if (max_frame <= E1000_RXBUFFER_512)

		adapter->rx_buffer_len = E1000_RXBUFFER_512;

	else if (max_frame <= E1000_RXBUFFER_1024)

		adapter->rx_buffer_len = E1000_RXBUFFER_1024;

	else if (max_frame <= E1000_RXBUFFER_2048)

	if (max_frame <= E1000_RXBUFFER_2048)

		adapter->rx_buffer_len = E1000_RXBUFFER_2048;

	else

#if (PAGE_SIZE >= E1000_RXBUFFER_16384)

drivers/net/e1000e/netdev.c

+1 −19
Original line number Diff line number Diff line
@@ -2350,18 +2350,6 @@ static void e1000_setup_rctl(struct e1000_adapter *adapter) 
	rctl &= ~E1000_RCTL_SZ_4096;

	rctl |= E1000_RCTL_BSEX;

	switch (adapter->rx_buffer_len) {

	case 256:

		rctl |= E1000_RCTL_SZ_256;

		rctl &= ~E1000_RCTL_BSEX;

		break;

	case 512:

		rctl |= E1000_RCTL_SZ_512;

		rctl &= ~E1000_RCTL_BSEX;

		break;

	case 1024:

		rctl |= E1000_RCTL_SZ_1024;

		rctl &= ~E1000_RCTL_BSEX;

		break;

	case 2048:

	default:

		rctl |= E1000_RCTL_SZ_2048;
@@ -4334,13 +4322,7 @@ static int e1000_change_mtu(struct net_device *netdev, int new_mtu) 
	 * fragmented skbs

	 */



	if (max_frame <= 256)

		adapter->rx_buffer_len = 256;

	else if (max_frame <= 512)

		adapter->rx_buffer_len = 512;

	else if (max_frame <= 1024)

		adapter->rx_buffer_len = 1024;

	else if (max_frame <= 2048)

	if (max_frame <= 2048)

		adapter->rx_buffer_len = 2048;

	else

		adapter->rx_buffer_len = 4096;

CRA Git | Maintained and supported by SUSTech CRA and CCSE