--- /dev/null
+From foo@baz Fri Oct 29 05:02:10 PM CEST 2021
+From: Ovidiu Panait <ovidiu.panait@windriver.com>
+Date: Fri, 29 Oct 2021 10:50:25 +0300
+Subject: ipv4: use siphash instead of Jenkins in fnhe_hashfun()
+To: stable@vger.kernel.org
+Cc: gregkh@linuxfoundation.org
+Message-ID: <20211029075027.1910142-2-ovidiu.panait@windriver.com>
+
+From: Eric Dumazet <edumazet@google.com>
+
+commit 6457378fe796815c973f631a1904e147d6ee33b1 upstream.
+
+A group of security researchers brought to our attention
+the weakness of hash function used in fnhe_hashfun().
+
+Lets use siphash instead of Jenkins Hash, to considerably
+reduce security risks.
+
+Also remove the inline keyword, this really is distracting.
+
+Fixes: d546c621542d ("ipv4: harden fnhe_hashfun()")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Reported-by: Keyu Man <kman001@ucr.edu>
+Cc: Willy Tarreau <w@1wt.eu>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+[OP: adjusted context for 4.19 stable]
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/route.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+--- a/net/ipv4/route.c
++++ b/net/ipv4/route.c
+@@ -625,14 +625,14 @@ static void fnhe_remove_oldest(struct fn
+ kfree_rcu(oldest, rcu);
+ }
+
+-static inline u32 fnhe_hashfun(__be32 daddr)
++static u32 fnhe_hashfun(__be32 daddr)
+ {
+- static u32 fnhe_hashrnd __read_mostly;
+- u32 hval;
++ static siphash_key_t fnhe_hash_key __read_mostly;
++ u64 hval;
+
+- net_get_random_once(&fnhe_hashrnd, sizeof(fnhe_hashrnd));
+- hval = jhash_1word((__force u32) daddr, fnhe_hashrnd);
+- return hash_32(hval, FNHE_HASH_SHIFT);
++ net_get_random_once(&fnhe_hash_key, sizeof(fnhe_hash_key));
++ hval = siphash_1u32((__force u32)daddr, &fnhe_hash_key);
++ return hash_64(hval, FNHE_HASH_SHIFT);
+ }
+
+ static void fill_route_from_fnhe(struct rtable *rt, struct fib_nh_exception *fnhe)
--- /dev/null
+From foo@baz Fri Oct 29 05:03:15 PM CEST 2021
+From: Eric Dumazet <edumazet@google.com>
+Date: Sun, 29 Aug 2021 15:16:14 -0700
+Subject: ipv6: make exception cache less predictible
+
+From: Eric Dumazet <edumazet@google.com>
+
+commit a00df2caffed3883c341d5685f830434312e4a43 upstream.
+
+Even after commit 4785305c05b2 ("ipv6: use siphash in rt6_exception_hash()"),
+an attacker can still use brute force to learn some secrets from a victim
+linux host.
+
+One way to defeat these attacks is to make the max depth of the hash
+table bucket a random value.
+
+Before this patch, each bucket of the hash table used to store exceptions
+could contain 6 items under attack.
+
+After the patch, each bucket would contains a random number of items,
+between 6 and 10. The attacker can no longer infer secrets.
+
+This is slightly increasing memory size used by the hash table,
+we do not expect this to be a problem.
+
+Following patch is dealing with the same issue in IPv4.
+
+Fixes: 35732d01fe31 ("ipv6: introduce a hash table to store dst cache")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Reported-by: Keyu Man <kman001@ucr.edu>
+Cc: Wei Wang <weiwan@google.com>
+Cc: Martin KaFai Lau <kafai@fb.com>
+Reviewed-by: David Ahern <dsahern@kernel.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+[OP: adjusted context for 4.19 stable]
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv6/route.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/net/ipv6/route.c
++++ b/net/ipv6/route.c
+@@ -1454,6 +1454,7 @@ static int rt6_insert_exception(struct r
+ struct rt6_exception_bucket *bucket;
+ struct in6_addr *src_key = NULL;
+ struct rt6_exception *rt6_ex;
++ int max_depth;
+ int err = 0;
+
+ spin_lock_bh(&rt6_exception_lock);
+@@ -1515,7 +1516,9 @@ static int rt6_insert_exception(struct r
+ bucket->depth++;
+ net->ipv6.rt6_stats->fib_rt_cache++;
+
+- if (bucket->depth > FIB6_MAX_DEPTH)
++ /* Randomize max depth to avoid some side channels attacks. */
++ max_depth = FIB6_MAX_DEPTH + prandom_u32_max(FIB6_MAX_DEPTH);
++ while (bucket->depth > max_depth)
+ rt6_exception_remove_oldest(bucket);
+
+ out:
--- /dev/null
+From foo@baz Fri Oct 29 05:02:10 PM CEST 2021
+From: Ovidiu Panait <ovidiu.panait@windriver.com>
+Date: Fri, 29 Oct 2021 10:50:26 +0300
+Subject: ipv6: use siphash in rt6_exception_hash()
+To: stable@vger.kernel.org
+Cc: gregkh@linuxfoundation.org
+Message-ID: <20211029075027.1910142-3-ovidiu.panait@windriver.com>
+
+From: Eric Dumazet <edumazet@google.com>
+
+commit 4785305c05b25a242e5314cc821f54ade4c18810 upstream.
+
+A group of security researchers brought to our attention
+the weakness of hash function used in rt6_exception_hash()
+
+Lets use siphash instead of Jenkins Hash, to considerably
+reduce security risks.
+
+Following patch deals with IPv4.
+
+Fixes: 35732d01fe31 ("ipv6: introduce a hash table to store dst cache")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Reported-by: Keyu Man <kman001@ucr.edu>
+Cc: Wei Wang <weiwan@google.com>
+Cc: Martin KaFai Lau <kafai@fb.com>
+Acked-by: Wei Wang <weiwan@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+[OP: adjusted context for 4.19 stable]
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv6/route.c | 20 ++++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+
+--- a/net/ipv6/route.c
++++ b/net/ipv6/route.c
+@@ -45,6 +45,7 @@
+ #include <linux/nsproxy.h>
+ #include <linux/slab.h>
+ #include <linux/jhash.h>
++#include <linux/siphash.h>
+ #include <net/net_namespace.h>
+ #include <net/snmp.h>
+ #include <net/ipv6.h>
+@@ -1337,17 +1338,24 @@ static void rt6_exception_remove_oldest(
+ static u32 rt6_exception_hash(const struct in6_addr *dst,
+ const struct in6_addr *src)
+ {
+- static u32 seed __read_mostly;
+- u32 val;
++ static siphash_key_t rt6_exception_key __read_mostly;
++ struct {
++ struct in6_addr dst;
++ struct in6_addr src;
++ } __aligned(SIPHASH_ALIGNMENT) combined = {
++ .dst = *dst,
++ };
++ u64 val;
+
+- net_get_random_once(&seed, sizeof(seed));
+- val = jhash(dst, sizeof(*dst), seed);
++ net_get_random_once(&rt6_exception_key, sizeof(rt6_exception_key));
+
+ #ifdef CONFIG_IPV6_SUBTREES
+ if (src)
+- val = jhash(src, sizeof(*src), val);
++ combined.src = *src;
+ #endif
+- return hash_32(val, FIB6_EXCEPTION_BUCKET_SIZE_SHIFT);
++ val = siphash(&combined, sizeof(combined), &rt6_exception_key);
++
++ return hash_64(val, FIB6_EXCEPTION_BUCKET_SIZE_SHIFT);
+ }
+
+ /* Helper function to find the cached rt in the hash table
ata-sata_mv-fix-the-error-handling-of-mv_chip_id.patch
nfc-port100-fix-using-errno-as-command-type-mask.patch
revert-net-mdiobus-fix-memory-leak-in-__mdiobus_register.patch
+ipv4-use-siphash-instead-of-jenkins-in-fnhe_hashfun.patch
+ipv6-use-siphash-in-rt6_exception_hash.patch
+ipv6-make-exception-cache-less-predictible.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
