Comment 3 for bug 1034281

Revision history for this message
In , Petr (petr-redhat-bugs) wrote :

Mitigation as recommended by Ben Hutchings
------------------------------------------

If all processes that may send on the sfc interface use Onload, or do
not use TCP, the vulnerability does not exist.

The vulnerability can otherwise be avoided by making a temporary
configuration change. For an sfc interface named eth0, either:

a. Increase the TX queue size:
       ethtool -G eth0 tx 4096
   This can increase TX latency and memory usage.

or:

b. Disable TSO:
       ethtool -K eth0 tso off
   This can reduce TX throughput and/or increase CPU usage.