From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg Kroah-Hartman, Eric Dumazet, Keyu Man, Wei Wang, Martin KaFai Lau, "David S. Miller", Ovidiu Panait
Subject: [PATCH 5.4 06/51] ipv6: use siphash in rt6_exception_hash()
Date: Mon, 1 Nov 2021 10:17:10 +0100
Message-Id: <20211101082501.593744517@linuxfoundation.org>
In-Reply-To: <20211101082500.203657870@linuxfoundation.org>
References: <20211101082500.203657870@linuxfoundation.org>

From: Eric Dumazet commit 4785305c05b25a242e5314cc821f54ade4c18810 upstream. A group of security researchers brought to our attention the weakness of hash function used in rt6_exception_hash() Lets use siphash instead of Jenkins Hash, to considerably reduce security risks. Following patch deals with IPv4. Fixes: 35732d01fe31 ("ipv6: introduce a hash table to store dst cache") Signed-off-by: Eric Dumazet Reported-by: Keyu Man Cc: Wei Wang Cc: Martin KaFai Lau Acked-by: Wei Wang Signed-off-by: David S. Miller [OP: adjusted context for 5.4 stable] Signed-off-by: Ovidiu Panait Signed-off-by: Greg Kroah-Hartman --- net/ipv6/route.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -41,6 +41,7 @@ #include #include #include +#include #include #include #include @@ -1502,17 +1503,24 @@ static void rt6_exception_remove_oldest( static u32 rt6_exception_hash(const struct in6_addr *dst, const struct in6_addr *src) { - static u32 seed __read_mostly; - u32 val; + static siphash_key_t rt6_exception_key __read_mostly; + struct { + struct in6_addr dst; + struct in6_addr src; + } __aligned(SIPHASH_ALIGNMENT) combined = { + .dst = *dst, + }; + u64 val; - net_get_random_once(&seed, sizeof(seed)); - val = jhash(dst, sizeof(*dst), seed); + net_get_random_once(&rt6_exception_key, sizeof(rt6_exception_key)); #ifdef CONFIG_IPV6_SUBTREES if (src) - val = jhash(src, sizeof(*src), val); + combined.src = *src; #endif - return hash_32(val, FIB6_EXCEPTION_BUCKET_SIZE_SHIFT); + val = siphash(&combined, sizeof(combined), &rt6_exception_key); + + return hash_64(val, FIB6_EXCEPTION_BUCKET_SIZE_SHIFT); } /* Helper function to find the cached rt in the hash table
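
Review bot: In rt6_exception_hash(), siphash() is run over sizeof(combined), so the result depends on every byte of the on-stack struct, and nothing in the hunk documents the two assumptions that make that safe. First, .src is only zero because the designated initializer sets .dst alone; when src is NULL or CONFIG_IPV6_SUBTREES is off, the hash covers 16 zero bytes, which is fine but worth a one-line comment next to the #ifdef. Second, the struct must contain no padding, since C does not guarantee that padding bytes are zeroed by a partial initializer. Two struct in6_addr members leave none as written, but a BUILD_BUG_ON(sizeof(combined) != 2 * sizeof(struct in6_addr)) would stop a later field addition from feeding indeterminate bytes into the bucket selection. A short comment above rt6_exception_key stating why a keyed siphash replaces jhash with a 32-bit seed would also help, because the commit message only refers to "the weakness of hash function" without saying what it is.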