Message ID | 20241018014100.93776-1-kuniyu@amazon.com (mailing list archive) |
---|---|
State | Accepted |
Commit | c972c1c41d9b20fb38b54e77dcee763e27e715a9 |
Delegated to: | Netdev Maintainers |
Series | [v1,net-next] ipv4: Switch inet_addr_hash() to less predictable hash. |
On Fri, Oct 18, 2024 at 3:41 AM Kuniyuki Iwashima <kuniyu@amazon.com> wrote:
>
> Recently, commit 4a0ec2aa0704 ("ipv6: switch inet6_addr_hash()
> to less predictable hash") and commit 4daf4dc275f1 ("ipv6: switch
> inet6_acaddr_hash() to less predictable hash") hardened IPv6
> address hash functions.
>
> inet_addr_hash() is also highly predictable, and a malicious use
> could abuse a specific bucket.
>
> Let's follow the change on IPv4 by using jhash_1word().
>
> Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>

Reviewed-by: Eric Dumazet <edumazet@google.com>
Hello:

This patch was applied to netdev/net-next.git (main)
by Paolo Abeni <pabeni@redhat.com>:

On Thu, 17 Oct 2024 18:41:00 -0700 you wrote:
> Recently, commit 4a0ec2aa0704 ("ipv6: switch inet6_addr_hash()
> to less predictable hash") and commit 4daf4dc275f1 ("ipv6: switch
> inet6_acaddr_hash() to less predictable hash") hardened IPv6
> address hash functions.
>
> inet_addr_hash() is also highly predictable, and a malicious use
> could abuse a specific bucket.
>
> [...]

Here is the summary with links:
  - [v1,net-next] ipv4: Switch inet_addr_hash() to less predictable hash.
    https://git.kernel.org/netdev/net-next/c/c972c1c41d9b

You are awesome, thank you!
diff --git a/include/net/ip.h b/include/net/ip.h index 4be0a6a603b2..0e548c1f2a0e 100644 --- a/include/net/ip.h +++ b/include/net/ip.h @@ -690,6 +690,11 @@ static inline unsigned int ipv4_addr_hash(__be32 ip) return (__force unsigned int) ip; } +static inline u32 __ipv4_addr_hash(const __be32 ip, const u32 initval) +{ + return jhash_1word((__force u32)ip, initval); +} + static inline u32 ipv4_portaddr_hash(const struct net *net, __be32 saddr, unsigned int port) diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c index d81fff93d208..3e5e3b5e78c4 100644 --- a/net/ipv4/devinet.c +++ b/net/ipv4/devinet.c @@ -121,7 +121,7 @@ struct inet_fill_args { static u32 inet_addr_hash(const struct net *net, __be32 addr) { - u32 val = (__force u32) addr ^ net_hash_mix(net); + u32 val = __ipv4_addr_hash(addr, net_hash_mix(net)); return hash_32(val, IN4_ADDR_HSIZE_SHIFT); }
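Review bot: in the include/net/ip.h hunk, __ipv4_addr_hash() is added directly below ipv4_addr_hash(), which returns the address unmixed, and nothing at the definition tells a caller which of the two is meant for keys a remote party can influence. A short comment on the new helper stating that initval must be a value the remote side cannot guess (the devinet.c caller passes net_hash_mix(net)) would document that. The const qualifiers on the by-value parameters ip and initval add nothing for callers and could be dropped.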
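Review bot: in the net/ipv4/devinet.c hunk, the only keying material inet_addr_hash() passes to __ipv4_addr_hash() is net_hash_mix(net), so the bucket choice is only as unpredictable as that per-netns value; the commit message should say where that value comes from and why a remote party cannot learn it. Separately, val is already a jhash_1word() result and is then passed through hash_32(val, IN4_ADDR_HSIZE_SHIFT); the second mix is harmless, but a one-line comment that it is kept only to reduce the value to IN4_ADDR_HSIZE_SHIFT bits would make that clear.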
Recently, commit 4a0ec2aa0704 ("ipv6: switch inet6_addr_hash()
to less predictable hash") and commit 4daf4dc275f1 ("ipv6: switch
inet6_acaddr_hash() to less predictable hash") hardened IPv6
address hash functions.

inet_addr_hash() is also highly predictable, and a malicious use
could abuse a specific bucket.

Let's follow the change on IPv4 by using jhash_1word().

Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
---
 include/net/ip.h   | 5 +++++
 net/ipv4/devinet.c | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)