From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Eric Dumazet <edumazet@google.com>, Keyu Man <kman001@ucr.edu>,
Wei Wang <weiwan@google.com>, Martin KaFai Lau <kafai@fb.com>,
"David S. Miller" <davem@davemloft.net>,
Ovidiu Panait <ovidiu.panait@windriver.com>
Subject: [PATCH 4.19 14/35] ipv6: use siphash in rt6_exception_hash()
Date: Mon, 1 Nov 2021 10:17:26 +0100
Message-ID: <20211101082454.927128089@linuxfoundation.org>
In-Reply-To: <20211101082451.430720900@linuxfoundation.org>
From: Eric Dumazet <edumazet@google.com>
commit 4785305c05b25a242e5314cc821f54ade4c18810 upstream.
A group of security researchers brought to our attention
the weakness of the hash function used in rt6_exception_hash().
Let's use siphash instead of Jenkins Hash, to considerably
reduce security risks.
Following patch deals with IPv4.
Fixes: 35732d01fe31 ("ipv6: introduce a hash table to store dst cache")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Keyu Man <kman001@ucr.edu>
Cc: Wei Wang <weiwan@google.com>
Cc: Martin KaFai Lau <kafai@fb.com>
Acked-by: Wei Wang <weiwan@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[OP: adjusted context for 4.19 stable]
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv6/route.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -45,6 +45,7 @@
#include <linux/nsproxy.h>
#include <linux/slab.h>
#include <linux/jhash.h>
+#include <linux/siphash.h>
#include <net/net_namespace.h>
#include <net/snmp.h>
#include <net/ipv6.h>
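Review bot: the #include <linux/jhash.h> line just above the added <linux/siphash.h> is left in place, while the next hunk removes both jhash() calls from rt6_exception_hash(). Please confirm whether anything else in net/ipv6/route.c still uses jhash, and drop that include in this patch if nothing does.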
@@ -1337,17 +1338,24 @@ static void rt6_exception_remove_oldest(
static u32 rt6_exception_hash(const struct in6_addr *dst,
const struct in6_addr *src)
{
- static u32 seed __read_mostly;
- u32 val;
+ static siphash_key_t rt6_exception_key __read_mostly;
+ struct {
+ struct in6_addr dst;
+ struct in6_addr src;
+ } __aligned(SIPHASH_ALIGNMENT) combined = {
+ .dst = *dst,
+ };
+ u64 val;
- net_get_random_once(&seed, sizeof(seed));
- val = jhash(dst, sizeof(*dst), seed);
+ net_get_random_once(&rt6_exception_key, sizeof(rt6_exception_key));
#ifdef CONFIG_IPV6_SUBTREES
if (src)
- val = jhash(src, sizeof(*src), val);
+ combined.src = *src;
#endif
- return hash_32(val, FIB6_EXCEPTION_BUCKET_SIZE_SHIFT);
+ val = siphash(&combined, sizeof(combined), &rt6_exception_key);
+
+ return hash_64(val, FIB6_EXCEPTION_BUCKET_SIZE_SHIFT);
}
/* Helper function to find the cached rt in the hash table
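Review bot: the declaration of `combined` in rt6_exception_hash() deserves a comment, because siphash() now runs over sizeof(combined) and the result therefore depends on `combined.src` being all zero whenever `src` is NULL or CONFIG_IPV6_SUBTREES is disabled. That holds only because the designated initializer `.dst = *dst` zero-fills the other member and because a struct of two in6_addr has no padding. Stating this above the struct would keep a later edit (an added field, a dropped initializer) from feeding uninitialized stack bytes into the hash and making insert and lookup disagree on the bucket. Separately, `rt6_exception_key` is a single function-static key filled once by net_get_random_once(), as `seed` was before; if one key for all callers is intended, a word in the changelog would make that explicit.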