From: Eric Dumazet <dada1@cosmosbay.com>
To: David Miller <davem@davemloft.net>
Cc: netdev@vger.kernel.org, kaber@trash.net, stable@kernel.org
Subject: [NET] random : secure_tcp_sequence_number should not assume CONFIG_KTIME_SCALAR
Date: Tue, 13 Nov 2007 14:41:19 +0100 [thread overview]
Message-ID: <4739A97F.60206@cosmosbay.com> (raw)
In-Reply-To: <20071113.035019.268404275.davem@davemloft.net>
[-- Attachment #1: Type: text/plain, Size: 694 bytes --]
I discovered one other incorrect use of .tv64 (coming from me, I must
confess)
I guess this patch is needed for 2.6.24 and stable (2.6.22 & 2.6.23)
Thank you
[NET] random : secure_tcp_sequence_number should not assume
CONFIG_KTIME_SCALAR
All 32 bits machines but i386 dont have CONFIG_KTIME_SCALAR. On these
machines, ktime.tv64
is more than 4 times the (correct) result given by ktime_to_ns()
Again on these machines, using ktime_get_real().tv64 >> 6 give a 32bits
rollover every 64 seconds,
which is not wanted (less than the 120 s MSL)
Using ktime_to_ns() is the portable way to get nsecs from a ktime, and
have correct code.
Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
[-- Attachment #2: random.patch --]
[-- Type: text/plain, Size: 1146 bytes --]
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 1756b1f..5fee056 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -1494,7 +1494,7 @@ __u32 secure_tcpv6_sequence_number(__be32 *saddr, __be32 *daddr,
seq = twothirdsMD4Transform((const __u32 *)daddr, hash) & HASH_MASK;
seq += keyptr->count;
- seq += ktime_get_real().tv64;
+ seq += ktime_to_ns(ktime_get_real());
return seq;
}
@@ -1556,7 +1556,7 @@ __u32 secure_tcp_sequence_number(__be32 saddr, __be32 daddr,
* overlaps less than one time per MSL (2 minutes).
* Choosing a clock of 64 ns period is OK. (period of 274 s)
*/
- seq += ktime_get_real().tv64 >> 6;
+ seq += ktime_to_ns(ktime_get_real()) >> 6;
#if 0
printk("init_seq(%lx, %lx, %d, %d) = %d\n",
saddr, daddr, sport, dport, seq);
@@ -1616,7 +1616,7 @@ u64 secure_dccp_sequence_number(__be32 saddr, __be32 daddr,
seq = half_md4_transform(hash, keyptr->secret);
seq |= ((u64)keyptr->count) << (32 - HASH_BITS);
- seq += ktime_get_real().tv64;
+ seq += ktime_to_ns(ktime_get_real());
seq &= (1ull << 48) - 1;
#if 0
printk("dccp init_seq(%lx, %lx, %d, %d) = %d\n",
next prev parent reply other threads:[~2007-11-13 13:41 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-11-13 11:30 [NET] netfilter : xt_time should not assume CONFIG_KTIME_SCALAR Eric Dumazet
2007-11-13 11:50 ` David Miller
2007-11-13 12:07 ` Patrick McHardy
2007-11-13 12:48 ` Eric Dumazet
2007-11-13 15:38 ` Patrick McHardy
2007-11-13 13:41 ` Eric Dumazet [this message]
2007-11-14 5:13 ` [NET] random : secure_tcp_sequence_number " David Miller
2007-11-14 19:49 ` [stable] " Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4739A97F.60206@cosmosbay.com \
--to=dada1@cosmosbay.com \
--cc=davem@davemloft.net \
--cc=kaber@trash.net \
--cc=netdev@vger.kernel.org \
--cc=stable@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.