mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-28 07:13:34 +00:00
ipv4: use siphash instead of Jenkins in fnhe_hashfun()
commit6457378fe7
upstream. A group of security researchers brought to our attention the weakness of hash function used in fnhe_hashfun(). Lets use siphash instead of Jenkins Hash, to considerably reduce security risks. Also remove the inline keyword, this really is distracting. Fixes:d546c62154
("ipv4: harden fnhe_hashfun()") Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Keyu Man <kman001@ucr.edu> Cc: Willy Tarreau <w@1wt.eu> Signed-off-by: David S. Miller <davem@davemloft.net> [OP: adjusted context for 4.14 stable] Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
fdbffd95c4
commit
b31aa41bf1
1 changed files with 6 additions and 6 deletions
|
@ -640,14 +640,14 @@ static void fnhe_remove_oldest(struct fnhe_hash_bucket *hash)
|
||||||
kfree_rcu(oldest, rcu);
|
kfree_rcu(oldest, rcu);
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline u32 fnhe_hashfun(__be32 daddr)
|
static u32 fnhe_hashfun(__be32 daddr)
|
||||||
{
|
{
|
||||||
static u32 fnhe_hashrnd __read_mostly;
|
static siphash_key_t fnhe_hash_key __read_mostly;
|
||||||
u32 hval;
|
u64 hval;
|
||||||
|
|
||||||
net_get_random_once(&fnhe_hashrnd, sizeof(fnhe_hashrnd));
|
net_get_random_once(&fnhe_hash_key, sizeof(fnhe_hash_key));
|
||||||
hval = jhash_1word((__force u32) daddr, fnhe_hashrnd);
|
hval = siphash_1u32((__force u32)daddr, &fnhe_hash_key);
|
||||||
return hash_32(hval, FNHE_HASH_SHIFT);
|
return hash_64(hval, FNHE_HASH_SHIFT);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void fill_route_from_fnhe(struct rtable *rt, struct fib_nh_exception *fnhe)
|
static void fill_route_from_fnhe(struct rtable *rt, struct fib_nh_exception *fnhe)
|
||||||
|
|
Loading…
Reference in a new issue