The following commits are needed to fix CVE-2021-20322: ipv4: [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
ipv6: [3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... [4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
* Commit [2] is already present in 4.14 stable. * Commits [3] and [4] are not needed in 4.14, as there is no exception hash table implementation for ipv6 (it was introduced in 4.15 by commit 35732d01fe31 ("ipv6: introduce a hash table to store dst cache")). * Therefore, backport only commit [1] with minor context adjustments.
Eric Dumazet (1): ipv4: use siphash instead of Jenkins in fnhe_hashfun()
net/ipv4/route.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-)
From: Eric Dumazet edumazet@google.com
commit 6457378fe796815c973f631a1904e147d6ee33b1 upstream.
A group of security researchers brought to our attention the weakness of hash function used in fnhe_hashfun().
Lets use siphash instead of Jenkins Hash, to considerably reduce security risks.
Also remove the inline keyword, this really is distracting.
Fixes: d546c621542d ("ipv4: harden fnhe_hashfun()") Signed-off-by: Eric Dumazet edumazet@google.com Reported-by: Keyu Man kman001@ucr.edu Cc: Willy Tarreau w@1wt.eu Signed-off-by: David S. Miller davem@davemloft.net [OP: adjusted context for 4.14 stable] Signed-off-by: Ovidiu Panait ovidiu.panait@windriver.com --- net/ipv4/route.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c index d67d424be919..34cf572cc5dc 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -640,14 +640,14 @@ static void fnhe_remove_oldest(struct fnhe_hash_bucket *hash) kfree_rcu(oldest, rcu); }
-static inline u32 fnhe_hashfun(__be32 daddr) +static u32 fnhe_hashfun(__be32 daddr) { - static u32 fnhe_hashrnd __read_mostly; - u32 hval; + static siphash_key_t fnhe_hash_key __read_mostly; + u64 hval;
- net_get_random_once(&fnhe_hashrnd, sizeof(fnhe_hashrnd)); - hval = jhash_1word((__force u32) daddr, fnhe_hashrnd); - return hash_32(hval, FNHE_HASH_SHIFT); + net_get_random_once(&fnhe_hash_key, sizeof(fnhe_hash_key)); + hval = siphash_1u32((__force u32)daddr, &fnhe_hash_key); + return hash_64(hval, FNHE_HASH_SHIFT); }
static void fill_route_from_fnhe(struct rtable *rt, struct fib_nh_exception *fnhe)
On Fri, Oct 29, 2021 at 05:54:17PM +0300, Ovidiu Panait wrote:
The following commits are needed to fix CVE-2021-20322: ipv4: [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
ipv6: [3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... [4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
- Commit [2] is already present in 4.14 stable.
- Commits [3] and [4] are not needed in 4.14, as there is no exception hash table implementation for ipv6 (it was introduced in 4.15 by commit 35732d01fe31 ("ipv6: introduce a hash table to store dst cache")).
- Therefore, backport only commit [1] with minor context adjustments.
Eric Dumazet (1): ipv4: use siphash instead of Jenkins in fnhe_hashfun()
net/ipv4/route.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-)
Queued up, thanks!
greg k-h
linux-stable-mirror@lists.linaro.org
-
Greg KH -
Ovidiu Panait