From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-14.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5F560C432BE for ; Mon, 30 Aug 2021 00:39:26 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 415E560F42 for ; Mon, 30 Aug 2021 00:39:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236261AbhH3AkS (ORCPT ); Sun, 29 Aug 2021 20:40:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57962 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236250AbhH3AkM (ORCPT ); Sun, 29 Aug 2021 20:40:12 -0400 Received: from mail-pg1-x534.google.com (mail-pg1-x534.google.com [IPv6:2607:f8b0:4864:20::534]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F2D9FC061575 for ; Sun, 29 Aug 2021 17:39:19 -0700 (PDT) Received: by mail-pg1-x534.google.com with SMTP id x4so11863761pgh.1 for ; Sun, 29 Aug 2021 17:39:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=UM+0FVKt0nnLPHRVMW7+l28YC68L75hOl0nrTT3AeAU=; b=eMcy4hisXrRk/+tj+H2V1FLo1AoaRNToUyzED3StgjwJm1r1wIhIhyd1uEqXvUtlmI bbmbCvXDLhk3z59mOhn9jfik50zQ8UZ/YWJbx8CyuGph+OyJ4VxeJ1x41cLNGjmTuZzS HenoSRkYVBKUJ+xai07WgdB/NxnObDT28zf+KUNeeoaOCNPNJnrpZjmpAPPJFbRC7qbE Vi48Rfcf7MU7Msil0P5WQr5XfecvQIQFoPOYpQAEOzznhnSIYcjDptZwgjCqJMNZzT/V QJxXO6yLvue9M0jgJoj56SFtm4G0/G+LNCGPW9FlEn+Ynq7I3v14tmL99TqsRdjwtitO CtIw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=UM+0FVKt0nnLPHRVMW7+l28YC68L75hOl0nrTT3AeAU=; b=eEFivh/IQC2J3Wsw8SC02xFQRd6y6a9rS170CYqOafVH7BDoricwp3PY0FwyPT43S3 GL8pGk+4G+euz4bNdE6s5uhKwXudxz2HkBVLwq9qduFSTB1/WGS8Ss+xjKtN+xur5BCP eS3v3oBc9X5M8pdpNfRINljoFcvUX1j2QA9NfqrCxxAHsUq1Po3tdnazFdh8GfFiNMq2 do8Z78K0uP6hObvF4kUeWvXyLOpx2p8TysjjO+9B9lN8I9wGMTBtZuEuk3uD3IKvC4EZ hLbojCUs98HTumE9o8Hdx+2OoTLqAmVpyzVgBcPmLCEKIs79/dQkZzzmJeuzmyQX/6F5 2eQA== X-Gm-Message-State: AOAM531R23NKP/zK24ZLCUrvH870ogJEWtLpbXwKVFjGSal3GuUOYLBO E35UNuocUgI0fZbukkLHm6g= X-Google-Smtp-Source: ABdhPJwdeEdfpEcC0/98wgBbT5JkaZbK4pfPKPNIrNn9y9Lx3CzInfEeAf8uE7ovXB6oSSPFUkUBfg== X-Received: by 2002:a63:131f:: with SMTP id i31mr19153914pgl.207.1630283959539; Sun, 29 Aug 2021 17:39:19 -0700 (PDT) Received: from Davids-MacBook-Pro.local ([8.45.42.119]) by smtp.googlemail.com with ESMTPSA id u4sm5916821pjm.36.2021.08.29.17.39.18 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 29 Aug 2021 17:39:19 -0700 (PDT) Subject: Re: [PATCH net 1/2] ipv6: make exception cache less predictible To: Eric Dumazet , "David S . Miller" , Jakub Kicinski Cc: netdev , Eric Dumazet , Willy Tarreau , Keyu Man , David Ahern , Wei Wang , Martin KaFai Lau References: <20210829221615.2057201-1-eric.dumazet@gmail.com> <20210829221615.2057201-2-eric.dumazet@gmail.com> From: David Ahern Message-ID: <7c8bdee5-66cf-996e-eaea-db3aee6f0d5f@gmail.com> Date: Sun, 29 Aug 2021 17:39:17 -0700 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: <20210829221615.2057201-2-eric.dumazet@gmail.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org On 8/29/21 3:16 PM, Eric Dumazet wrote: > From: Eric Dumazet > > Even after commit 4785305c05b2 ("ipv6: use siphash in rt6_exception_hash()"), > an attacker can still use brute force to learn some secrets from a victim > linux host. > > One way to defeat these attacks is to make the max depth of the hash > table bucket a random value. > > Before this patch, each bucket of the hash table used to store exceptions > could contain 6 items under attack. > > After the patch, each bucket would contains a random number of items, > between 6 and 10. The attacker can no longer infer secrets. > > This is slightly increasing memory size used by the hash table, > we do not expect this to be a problem. > > Following patch is dealing with the same issue in IPv4. > > Fixes: 35732d01fe31 ("ipv6: introduce a hash table to store dst cache") > Signed-off-by: Eric Dumazet > Reported-by: Keyu Man > Cc: Wei Wang > Cc: Martin KaFai Lau > --- > net/ipv6/route.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > Reviewed-by: David Ahern