ipv4: Switch inet_addr_hash() to less predictable hash.

Recently, commit 4a0ec2aa0704 ("ipv6: switch inet6_addr_hash()
to less predictable hash") and commit 4daf4dc275f1 ("ipv6: switch
inet6_acaddr_hash() to less predictable hash") hardened IPv6
address hash functions.

inet_addr_hash() is also highly predictable, and a malicious use
could abuse a specific bucket.

Let's follow the change on IPv4 by using jhash_1word().

Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20241018014100.93776-1-kuniyu@amazon.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>

diff --git a/include/net/ip.h b/include/net/ip.h
index 4be0a6a603b2b5d5cfddc045a7d49d0d77be9570..0e548c1f2a0ecd6dd6616a456c6cf9284d1c6203 100644 (file)
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -690,6 +690,11 @@ static inline unsigned int ipv4_addr_hash(__be32 ip)
        return (__force unsigned int) ip;
 }
 
+static inline u32 __ipv4_addr_hash(const __be32 ip, const u32 initval)
+{
+       return jhash_1word((__force u32)ip, initval);
+}
+
 static inline u32 ipv4_portaddr_hash(const struct net *net,
                                     __be32 saddr,
                                     unsigned int port)

diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 0ff9c0abfaa0e7dd12eb22ac8622d86a59103df3..5f859d01cbbe5a97aeba0a70d7cf00353421b669 100644 (file)
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -121,7 +121,7 @@ struct inet_fill_args {
 
 static u32 inet_addr_hash(const struct net *net, __be32 addr)
 {
-       u32 val = (__force u32) addr ^ net_hash_mix(net);
+       u32 val = __ipv4_addr_hash(addr, net_hash_mix(net));
 
        return hash_32(val, IN4_ADDR_HSIZE_SHIFT);
 }