LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Eric Dumazet <edumazet@google.com>,
Amit Klein <aksecurity@gmail.com>,
Benny Pinkas <benny@pinkas.net>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.19 03/32] inet: switch IP ID generator to siphash
Date: Mon, 3 Jun 2019 11:07:57 +0200 [thread overview]
Message-ID: <20190603090309.737358858@linuxfoundation.org> (raw)
In-Reply-To: <20190603090308.472021390@linuxfoundation.org>
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit df453700e8d81b1bdafdf684365ee2b9431fb702 ]
According to Amit Klein and Benny Pinkas, IP ID generation is too weak
and might be used by attackers.
Even with recent net_hash_mix() fix (netns: provide pure entropy for net_hash_mix())
having 64bit key and Jenkins hash is risky.
It is time to switch to siphash and its 128bit keys.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Amit Klein <aksecurity@gmail.com>
Reported-by: Benny Pinkas <benny@pinkas.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/siphash.h | 5 +++++
include/net/netns/ipv4.h | 2 ++
net/ipv4/route.c | 12 +++++++-----
net/ipv6/output_core.c | 30 ++++++++++++++++--------------
4 files changed, 30 insertions(+), 19 deletions(-)
--- a/include/linux/siphash.h
+++ b/include/linux/siphash.h
@@ -21,6 +21,11 @@ typedef struct {
u64 key[2];
} siphash_key_t;
+static inline bool siphash_key_is_zero(const siphash_key_t *key)
+{
+ return !(key->key[0] | key->key[1]);
+}
+
u64 __siphash_aligned(const void *data, size_t len, const siphash_key_t *key);
#ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
u64 __siphash_unaligned(const void *data, size_t len, const siphash_key_t *key);
--- a/include/net/netns/ipv4.h
+++ b/include/net/netns/ipv4.h
@@ -9,6 +9,7 @@
#include <linux/uidgid.h>
#include <net/inet_frag.h>
#include <linux/rcupdate.h>
+#include <linux/siphash.h>
struct tcpm_hash_bucket;
struct ctl_table_header;
@@ -214,5 +215,6 @@ struct netns_ipv4 {
unsigned int ipmr_seq; /* protected by rtnl_mutex */
atomic_t rt_genid;
+ siphash_key_t ip_id_key;
};
#endif
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -500,15 +500,17 @@ EXPORT_SYMBOL(ip_idents_reserve);
void __ip_select_ident(struct net *net, struct iphdr *iph, int segs)
{
- static u32 ip_idents_hashrnd __read_mostly;
u32 hash, id;
- net_get_random_once(&ip_idents_hashrnd, sizeof(ip_idents_hashrnd));
+ /* Note the following code is not safe, but this is okay. */
+ if (unlikely(siphash_key_is_zero(&net->ipv4.ip_id_key)))
+ get_random_bytes(&net->ipv4.ip_id_key,
+ sizeof(net->ipv4.ip_id_key));
- hash = jhash_3words((__force u32)iph->daddr,
+ hash = siphash_3u32((__force u32)iph->daddr,
(__force u32)iph->saddr,
- iph->protocol ^ net_hash_mix(net),
- ip_idents_hashrnd);
+ iph->protocol,
+ &net->ipv4.ip_id_key);
id = ip_idents_reserve(hash, segs);
iph->id = htons(id);
}
--- a/net/ipv6/output_core.c
+++ b/net/ipv6/output_core.c
@@ -10,15 +10,25 @@
#include <net/secure_seq.h>
#include <linux/netfilter.h>
-static u32 __ipv6_select_ident(struct net *net, u32 hashrnd,
+static u32 __ipv6_select_ident(struct net *net,
const struct in6_addr *dst,
const struct in6_addr *src)
{
+ const struct {
+ struct in6_addr dst;
+ struct in6_addr src;
+ } __aligned(SIPHASH_ALIGNMENT) combined = {
+ .dst = *dst,
+ .src = *src,
+ };
u32 hash, id;
- hash = __ipv6_addr_jhash(dst, hashrnd);
- hash = __ipv6_addr_jhash(src, hash);
- hash ^= net_hash_mix(net);
+ /* Note the following code is not safe, but this is okay. */
+ if (unlikely(siphash_key_is_zero(&net->ipv4.ip_id_key)))
+ get_random_bytes(&net->ipv4.ip_id_key,
+ sizeof(net->ipv4.ip_id_key));
+
+ hash = siphash(&combined, sizeof(combined), &net->ipv4.ip_id_key);
/* Treat id of 0 as unset and if we get 0 back from ip_idents_reserve,
* set the hight order instead thus minimizing possible future
@@ -41,7 +51,6 @@ static u32 __ipv6_select_ident(struct ne
*/
__be32 ipv6_proxy_select_ident(struct net *net, struct sk_buff *skb)
{
- static u32 ip6_proxy_idents_hashrnd __read_mostly;
struct in6_addr buf[2];
struct in6_addr *addrs;
u32 id;
@@ -53,11 +62,7 @@ __be32 ipv6_proxy_select_ident(struct ne
if (!addrs)
return 0;
- net_get_random_once(&ip6_proxy_idents_hashrnd,
- sizeof(ip6_proxy_idents_hashrnd));
-
- id = __ipv6_select_ident(net, ip6_proxy_idents_hashrnd,
- &addrs[1], &addrs[0]);
+ id = __ipv6_select_ident(net, &addrs[1], &addrs[0]);
return htonl(id);
}
EXPORT_SYMBOL_GPL(ipv6_proxy_select_ident);
@@ -66,12 +71,9 @@ __be32 ipv6_select_ident(struct net *net
const struct in6_addr *daddr,
const struct in6_addr *saddr)
{
- static u32 ip6_idents_hashrnd __read_mostly;
u32 id;
- net_get_random_once(&ip6_idents_hashrnd, sizeof(ip6_idents_hashrnd));
-
- id = __ipv6_select_ident(net, ip6_idents_hashrnd, daddr, saddr);
+ id = __ipv6_select_ident(net, daddr, saddr);
return htonl(id);
}
EXPORT_SYMBOL(ipv6_select_ident);
next prev parent reply other threads:[~2019-06-03 9:09 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-03 9:07 [PATCH 4.19 00/32] 4.19.48-stable review Greg Kroah-Hartman
2019-06-03 9:07 ` [PATCH 4.19 01/32] bonding/802.3ad: fix slave link initialization transition states Greg Kroah-Hartman
2019-06-03 9:07 ` [PATCH 4.19 02/32] cxgb4: offload VLAN flows regardless of VLAN ethtype Greg Kroah-Hartman
2019-06-03 9:07 ` Greg Kroah-Hartman [this message]
2019-06-03 9:07 ` [PATCH 4.19 04/32] ipv4/igmp: fix another memory leak in igmpv3_del_delrec() Greg Kroah-Hartman
2019-06-03 9:07 ` [PATCH 4.19 05/32] ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST Greg Kroah-Hartman
2019-06-03 9:08 ` [PATCH 4.19 06/32] ipv6: Consider sk_bound_dev_if when binding a raw socket to an address Greg Kroah-Hartman
2019-06-03 9:08 ` [PATCH 4.19 07/32] ipv6: Fix redirect with VRF Greg Kroah-Hartman
2019-06-03 9:08 ` [PATCH 4.19 08/32] llc: fix skb leak in llc_build_and_send_ui_pkt() Greg Kroah-Hartman
2019-06-03 9:08 ` [PATCH 4.19 09/32] net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT Greg Kroah-Hartman
2019-06-03 9:08 ` [PATCH 4.19 10/32] net: fec: fix the clk mismatch in failed_reset path Greg Kroah-Hartman
2019-06-03 9:08 ` [PATCH 4.19 11/32] net-gro: fix use-after-free read in napi_gro_frags() Greg Kroah-Hartman
2019-06-03 9:08 ` [PATCH 4.19 12/32] net: mvneta: Fix err code path of probe Greg Kroah-Hartman
2019-06-03 9:08 ` [PATCH 4.19 13/32] net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value Greg Kroah-Hartman
2019-06-03 9:08 ` [PATCH 4.19 14/32] net: phy: marvell10g: report if the PHY fails to boot firmware Greg Kroah-Hartman
2019-06-03 9:08 ` [PATCH 4.19 15/32] net: sched: dont use tc_action->order during action dump Greg Kroah-Hartman
2019-06-03 9:08 ` [PATCH 4.19 16/32] net: stmmac: fix reset gpio free missing Greg Kroah-Hartman
2019-06-03 9:08 ` [PATCH 4.19 17/32] usbnet: fix kernel crash after disconnect Greg Kroah-Hartman
2019-06-03 9:08 ` [PATCH 4.19 18/32] net/mlx5: Avoid double free in fs init error unwinding path Greg Kroah-Hartman
2019-06-03 9:08 ` [PATCH 4.19 19/32] tipc: Avoid copying bytes beyond the supplied data Greg Kroah-Hartman
2019-06-04 7:49 ` Pavel Machek
2019-06-03 9:08 ` [PATCH 4.19 20/32] net/mlx5: Allocate root ns memory using kzalloc to match kfree Greg Kroah-Hartman
2019-06-03 9:08 ` [PATCH 4.19 21/32] net/mlx5e: Disable rxhash when CQE compress is enabled Greg Kroah-Hartman
2019-06-03 9:08 ` [PATCH 4.19 22/32] net: stmmac: dma channel control register need to be init first Greg Kroah-Hartman
2019-06-04 7:53 ` Pavel Machek
2019-06-03 9:08 ` [PATCH 4.19 23/32] bnxt_en: Fix aggregation buffer leak under OOM condition Greg Kroah-Hartman
2019-06-03 9:08 ` [PATCH 4.19 24/32] net/tls: fix state removal with feature flags off Greg Kroah-Hartman
2019-06-03 9:08 ` [PATCH 4.19 25/32] net/tls: dont ignore netdev notifications if no TLS features Greg Kroah-Hartman
2019-06-03 9:08 ` [PATCH 4.19 26/32] crypto: vmx - ghash: do nosimd fallback manually Greg Kroah-Hartman
2019-06-03 9:08 ` [PATCH 4.19 27/32] include/linux/compiler*.h: define asm_volatile_goto Greg Kroah-Hartman
2019-06-03 9:08 ` [PATCH 4.19 28/32] compiler.h: give up __compiletime_assert_fallback() Greg Kroah-Hartman
2019-06-03 9:08 ` [PATCH 4.19 29/32] jump_label: move asm goto support test to Kconfig Greg Kroah-Hartman
2019-06-04 9:30 ` Pavel Machek
2019-06-04 9:55 ` Greg Kroah-Hartman
2019-06-03 9:08 ` [PATCH 4.19 30/32] xen/pciback: Dont disable PCI_COMMAND on PCI device reset Greg Kroah-Hartman
2019-06-03 9:08 ` [PATCH 4.19 31/32] Revert "tipc: fix modprobe tipc failed after switch order of device registration" Greg Kroah-Hartman
2019-06-03 9:08 ` [PATCH 4.19 32/32] tipc: fix modprobe tipc failed after switch order of device registration Greg Kroah-Hartman
2019-06-03 15:09 ` [PATCH 4.19 00/32] 4.19.48-stable review kernelci.org bot
2019-06-03 17:16 ` Guenter Roeck
2019-06-03 18:33 ` Jon Hunter
2019-06-03 19:39 ` Naresh Kamboju
2019-06-03 23:33 ` shuah
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190603090309.737358858@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=aksecurity@gmail.com \
--cc=benny@pinkas.net \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--subject='Re: [PATCH 4.19 03/32] inet: switch IP ID generator to siphash' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).