oss-sec mailing list archives

CVE request kernel: flood ping cause out-of-iommu error and panic when mtu larger than 1500

From: Eugene Teo <eugeneteo () kernel sg>
Date: Thu, 15 Oct 2009 14:20:00 +0800

Executing ping -f -s 3000 IP in a certain network setup could trigger anout-of-IOMMU error, leading to a denial of service.


Steps to reproduce the issue:
https://bugzilla.redhat.com/show_bug.cgi?id=529137#c0

Triggering the issue would result in:
PCI-DMA: Out of IOMMU space for 7222 bytes at device 0000:03:00.0
PCI-DMA: Out of IOMMU space for 7222 bytes at device 0000:03:00.0
<Repeated Many Many Times>
PCI-DMA: Out of IOMMU space for 7222 bytes at device 0000:03:00.0
PCI-DMA: Out of IOMMU space for 7222 bytes at device 0000:03:00.0

HARDWARE ERROR
CPU 0: Machine Check Exception:                7 Bank 4: bc0000000005001b
RIP 10:<ffffffff8006b2b0> {default_idle+0x29/0x50}
TSC 10116da2355 ADDR 4000000 MISC c008000001000000
This is not a software problem!
Run through mcelog --ascii to decode and contact your hardware vendor
Kernel panic - not syncing: Uncorrected machine check
 <7>APIC error on CPU2: 00(08)

Upstream commits:
http://git.kernel.org/linus/a866bbf6aacf95f849810079442a20be118ce905
http://git.kernel.org/linus/97d477a914b146e7e6722ded21afa79886ae8ccd

References:
http://bugzilla.kernel.org/show_bug.cgi?id=9468
https://bugzilla.redhat.com/show_bug.cgi?id=529137

Thanks, Eugene

Current thread:

CVE request kernel: flood ping cause out-of-iommu error and panic when mtu larger than 1500 Eugene Teo (Oct 14)
- Re: CVE request kernel: flood ping cause out-of-iommu error and panic when mtu larger than 1500 Eugene Teo (Oct 14)
  - Re: CVE request kernel: flood ping cause out-of-iommu error and panic when mtu larger than 1500 Eugene Teo (Oct 15)
- Re: CVE request kernel: flood ping cause out-of-iommu error and panic when mtu larger than 1500 Josh Bressers (Oct 15)