From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg Kroah-Hartman, Eric Dumazet, Keyu Man, Wei Wang, Martin KaFai Lau, "David S. Miller", Ovidiu Panait
Subject: [PATCH 4.19 14/35] ipv6: use siphash in rt6_exception_hash()
Date: Mon, 1 Nov 2021 10:17:26 +0100
Message-Id: <20211101082454.927128089@linuxfoundation.org>
In-Reply-To: <20211101082451.430720900@linuxfoundation.org>
References: <20211101082451.430720900@linuxfoundation.org>

From: Eric Dumazet commit 4785305c05b25a242e5314cc821f54ade4c18810 upstream. A group of security researchers brought to our attention the weakness of hash function used in rt6_exception_hash() Lets use siphash instead of Jenkins Hash, to considerably reduce security risks. Following patch deals with IPv4. Fixes: 35732d01fe31 ("ipv6: introduce a hash table to store dst cache") Signed-off-by: Eric Dumazet Reported-by: Keyu Man Cc: Wei Wang Cc: Martin KaFai Lau Acked-by: Wei Wang Signed-off-by: David S. Miller [OP: adjusted context for 4.19 stable] Signed-off-by: Ovidiu Panait Signed-off-by: Greg Kroah-Hartman --- net/ipv6/route.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -45,6 +45,7 @@ #include #include #include +#include #include #include #include @@ -1337,17 +1338,24 @@ static void rt6_exception_remove_oldest( static u32 rt6_exception_hash(const struct in6_addr *dst, const struct in6_addr *src) { - static u32 seed __read_mostly; - u32 val; + static siphash_key_t rt6_exception_key __read_mostly; + struct { + struct in6_addr dst; + struct in6_addr src; + } __aligned(SIPHASH_ALIGNMENT) combined = { + .dst = *dst, + }; + u64 val; - net_get_random_once(&seed, sizeof(seed)); - val = jhash(dst, sizeof(*dst), seed); + net_get_random_once(&rt6_exception_key, sizeof(rt6_exception_key)); #ifdef CONFIG_IPV6_SUBTREES if (src) - val = jhash(src, sizeof(*src), val); + combined.src = *src; #endif - return hash_32(val, FIB6_EXCEPTION_BUCKET_SIZE_SHIFT); + val = siphash(&combined, sizeof(combined), &rt6_exception_key); + + return hash_64(val, FIB6_EXCEPTION_BUCKET_SIZE_SHIFT); } /* Helper function to find the cached rt in the hash table
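
Review bot: In rt6_exception_hash(), the keyed input is now the whole `combined` struct, and its `src` half is zero only because the partial designated initializer `= { .dst = *dst, }` zero-fills the remaining member; nothing in the code says this is relied on. Please add a one-line comment above `combined` stating that `src` must stay zeroed when `src` is NULL or CONFIG_IPV6_SUBTREES is off, so that a later cleanup does not replace the initializer with two plain assignments and start feeding uninitialized stack bytes to siphash(), which would make the bucket index unstable for the same destination. A short comment on `rt6_exception_key` noting that the random key set by net_get_random_once() is what the fix relies on to keep the bucket index hard to predict would also help, since the commit message only refers to a "weakness" of the old jhash() call with its `u32` seed.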