Message ID | 20241004195958.64396-5-kuniyu@amazon.com (mailing list archive) |
---|---|
State | Superseded |
Delegated to: | Netdev Maintainers |
Series | ipv4: Namespacify IPv4 address hash table. | expand |
On 10/4/24 21:59, Kuniyuki Iwashima wrote: > No one uses inet_addr_lst anymore, so let's remove it. > > While at it, we can remove net_hash_mix() from the hash calculation. Is that really safe? it will make hash collision predictable in a deterministic way. FTR, IPv6 still uses the net seed. Thanks, Paolo
On Tue, Oct 8, 2024 at 1:10 PM Paolo Abeni <pabeni@redhat.com> wrote: > > On 10/4/24 21:59, Kuniyuki Iwashima wrote: > > No one uses inet_addr_lst anymore, so let's remove it. > > > > While at it, we can remove net_hash_mix() from the hash calculation. > > Is that really safe? it will make hash collision predictable in a > deterministic way. > > FTR, IPv6 still uses the net seed. I was planning to switch ipv6 to a safer hash, because the ipv6_addr_hash() is also predictable. It is easy for an attacker to push 10000 ipv6 addresses on the same slot. We have netns isolation for sure, but being able to use a big amount of cpu cycles in the kernel is an issue.
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 94dceac528842c47c18e71ad75e9d16ae373b4f2..f31528d4f694e42032276ddd6230b23911c480b5 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -1016,7 +1016,7 @@ ipv6_link_dev_addr(struct inet6_dev *idev, struct inet6_ifaddr *ifp)
 static u32 inet6_addr_hash(const struct net *net, const struct in6_addr *addr)
 {
- u32 val = ipv6_addr_hash(addr) ^ net_hash_mix(net);
+ u32 val = __ipv6_addr_jhash(addr, net_hash_mix(net));
 return hash_32(val, IN6_ADDR_HSIZE_SHIFT);
 }
From: Eric Dumazet <edumazet@google.com> Date: Tue, 8 Oct 2024 13:21:08 +0200 > On Tue, Oct 8, 2024 at 1:10 PM Paolo Abeni <pabeni@redhat.com> wrote: > > > > On 10/4/24 21:59, Kuniyuki Iwashima wrote: > > > No one uses inet_addr_lst anymore, so let's remove it. > > > > > > While at it, we can remove net_hash_mix() from the hash calculation. > > > > Is that really safe? it will make hash collision predictable in a > > deterministic way. > > > > FTR, IPv6 still uses the net seed. > > I was planning to switch ipv6 to a safer hash, because the > ipv6_addr_hash() is also predictable. > It is easy for an attacker to push 10000 ipv6 addresses on the same slot. > > We have netns isolation for sure, but being able to use a big amount > of cpu cycles in the kernel is an issue. I'll keep inet_addr_hash() as is in patch 4, and once the IPv6 changes are applied, I'll post another patch to follow the change in IPv4 using __ipv4_addr_hash(). static inline u32 __ipv4_addr_hash(const struct net *net, __be32 ip) { return jhash_1word((__force u32)ip, net_hash_mix(net)); } Thanks!
diff --git a/include/linux/inetdevice.h b/include/linux/inetdevice.h
index d0c2bf67a9b0..d9c690c8c80b 100644
--- a/include/linux/inetdevice.h
+++ b/include/linux/inetdevice.h
@@ -141,7 +141,6 @@ static inline void ipv4_devconf_setall(struct in_device *in_dev)
 ARP_EVICT_NOCARRIER)
 struct in_ifaddr {
- struct hlist_node hash;
 struct hlist_node addr_lst;
 struct in_ifaddr __rcu *ifa_next;
 struct in_device *ifa_dev;
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index ac245944e89e..6cdecee96cf5 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -119,13 +119,9 @@ struct inet_fill_args {
 #define IN4_ADDR_HSIZE_SHIFT 8
 #define IN4_ADDR_HSIZE (1U << IN4_ADDR_HSIZE_SHIFT)
-static struct hlist_head inet_addr_lst[IN4_ADDR_HSIZE];
-
 static u32 inet_addr_hash(const struct net *net, __be32 addr)
 {
- u32 val = (__force u32) addr ^ net_hash_mix(net);
-
- return hash_32(val, IN4_ADDR_HSIZE_SHIFT);
+ return hash_32((__force u32)addr, IN4_ADDR_HSIZE_SHIFT);
 }
 static void inet_hash_insert(struct net *net, struct in_ifaddr *ifa)
@@ -133,7 +129,6 @@ static void inet_hash_insert(struct net *net, struct in_ifaddr *ifa)
 u32 hash = inet_addr_hash(net, ifa->ifa_local);
 ASSERT_RTNL();
- hlist_add_head_rcu(&ifa->hash, &inet_addr_lst[hash]);
 hlist_add_head_rcu(&ifa->addr_lst, &net->ipv4.inet_addr_lst[hash]);
 }
@@ -141,7 +136,6 @@ static void inet_hash_remove(struct in_ifaddr *ifa)
 {
 ASSERT_RTNL();
 hlist_del_init_rcu(&ifa->addr_lst);
- hlist_del_init_rcu(&ifa->hash);
 }
 /**
@@ -228,7 +222,6 @@ static struct in_ifaddr *inet_alloc_ifa(struct in_device *in_dev)
 in_dev_hold(in_dev);
 ifa->ifa_dev = in_dev;
- INIT_HLIST_NODE(&ifa->hash);
 INIT_HLIST_NODE(&ifa->addr_lst);
 return ifa;
@@ -2804,11 +2797,6 @@ static struct rtnl_af_ops inet_af_ops __read_mostly = {
 void __init devinet_init(void)
 {
- int i;
-
- for (i = 0; i < IN4_ADDR_HSIZE; i++)
- INIT_HLIST_HEAD(&inet_addr_lst[i]);
-
 register_pernet_subsys(&devinet_ops);
 register_netdevice_notifier(&ip_netdev_notifier);
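Review bot: In the `@@ -119,13 +119,9 @@` hunk of net/ipv4/devinet.c, the new body of inet_addr_hash() no longer reads `net`, yet the signature still takes `const struct net *net` and inet_hash_insert() still passes it. An unused parameter here suggests to a reader that the bucket index is namespace-dependent, when it is now a function of the address alone. Either drop the parameter from the signature and its callers, or state the intent above the function, e.g. `/* bucket index depends on addr only; the table itself is per-netns */`. Callers other than inet_hash_insert() are outside the visible hunks, so a signature change would need checking against them.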