git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Daniel Borkmann <dborkman@redhat.com>
	Wed, 10 Dec 2014 15:33:10 +0000 (16:33 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 16 Dec 2014 17:39:06 +0000 (09:39 -0800)
commit	4b1c83d8c3dd4e11da7e1f4fc8c5cd513b77a0fe
tree	23cce74f221561f576504f8ce56539a619ce2a57	tree \| snapshot
parent	01da9f8b6b2ccc4f24aea3d4c46af1a3efbd0241	commit \| diff

netlink: use jhash as hashfn for rhashtable

[ Upstream commit 7f19fc5e0b617593dcda0d9956adc78b559ef1f5 ]

For netlink, we shouldn't be using arch_fast_hash() as a hashing
discipline, but rather jhash() instead.

Since netlink sockets can be opened by any user, a local attacker
would be able to easily create collisions with the DPDK-derived
arch_fast_hash(), which trades off performance for security by
using crc32 CPU instructions on x86_64.

While it might have a legimite use case in other places, it should
be avoided in netlink context, though. As rhashtable's API is very
flexible, we could later on still decide on other hashing disciplines,
if legitimate.

Reference: http://thread.gmane.org/gmane.linux.kernel/1844123
Fixes: e341694e3eb5 ("netlink: Convert netlink_lookup() to use RCU protected hash table")
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>