diff options
author | Jesse Brandeburg <jesse.brandeburg@intel.com> | 2010-01-19 14:15:59 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-01-20 16:21:23 -0800 |
commit | b94b50289622e816adc9f94111cfc2679c80177c (patch) | |
tree | 9545a229c7ef2dbdcdc8300fd4d84ff3cafc7808 /drivers/net/e1000e/e1000.h | |
parent | 40a14deaf411592b57cb0720f0e8004293ab9865 (diff) | |
download | linux-b94b50289622e816adc9f94111cfc2679c80177c.tar.bz2 |
e1000e: enhance frame fragment detection
Originally patched by Neil Horman <nhorman@tuxdriver.com>
e1000e could with a jumbo frame enabled interface, and packet split disabled,
receive a packet that would overflow a single rx buffer. While in practice
very hard to craft a packet that could abuse this, it is possible.
this is related to CVE-2009-4538
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
CC: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/net/e1000e/e1000.h')
-rw-r--r-- | drivers/net/e1000e/e1000.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/net/e1000e/e1000.h b/drivers/net/e1000e/e1000.h index d6ee28f6ea08..d236efaf7478 100644 --- a/drivers/net/e1000e/e1000.h +++ b/drivers/net/e1000e/e1000.h @@ -421,6 +421,7 @@ struct e1000_info { /* CRC Stripping defines */ #define FLAG2_CRC_STRIPPING (1 << 0) #define FLAG2_HAS_PHY_WAKEUP (1 << 1) +#define FLAG2_IS_DISCARDING (1 << 2) #define E1000_RX_DESC_PS(R, i) \ (&(((union e1000_rx_desc_packet_split *)((R).desc))[i])) |