Willy Tarreau 9044e70fad tcp: increase source port perturb table to 2^16
commit 4c2c8f03a5 upstream.

Moshe Kol, Amit Klein, and Yossi Gilad reported being able to accurately
identify a client by forcing it to emit only 40 times more connections
than there are entries in the table_perturb[] table. The previous two
improvements consisting in resalting the secret every 10s and adding
randomness to each port selection only slightly improved the situation,
and the current value of 2^8 was too small as it's not very difficult
to make a client emit 10k connections in less than 10 seconds.

Thus we're increasing the perturb table from 2^8 to 2^16 so that the
same precision now requires 2.6M connections, which is more difficult in
this time frame and harder to hide as a background activity. The impact
is that the table now uses 256 kB instead of 1 kB, which could mostly
affect devices making frequent outgoing connections. However such
components usually target a small set of destinations (load balancers,
database clients, perf assessment tools), and in practice only a few
entries will be visited, like before.

A live test at 1 million connections per second showed no performance
difference from the previous value.

Reported-by: Moshe Kol <moshe.kol@mail.huji.ac.il>
Reported-by: Yossi Gilad <yossi.gilad@mail.huji.ac.il>
Reported-by: Amit Klein <aksecurity@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-06-25 11:46:46 +02:00
arch s390/mm: use non-quiescing sske for KVM switch to keyed guest 2022-06-25 11:46:45 +02:00
block block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern 2022-06-06 08:20:57 +02:00
certs certs/blacklist_hashes.c: fix const confusion in certs blacklist 2022-06-25 11:46:44 +02:00
crypto crypto: drbg - make reseeding from get_random_bytes() synchronous 2022-06-25 11:46:41 +02:00
Documentation random: fix sysctl documentation nits 2022-06-25 11:46:38 +02:00
drivers usb: gadget: u_ether: fix regression in setting fixed MAC address 2022-06-25 11:46:45 +02:00
firmware Fix built-in early-load Intel microcode alignment 2020-01-23 08:20:30 +01:00
fs ext4: add reserved GDT blocks check 2022-06-25 11:46:45 +02:00
include random: mark bootloader randomness code as __init 2022-06-25 11:46:42 +02:00
init random: handle latent entropy and command line from random_init() 2022-06-25 11:46:40 +02:00
ipc ipc: WARN if trying to remove ipc object which is absent 2021-12-08 08:46:53 +01:00
kernel timekeeping: Add raw clock fallback for random_get_entropy() 2022-06-25 11:46:38 +02:00
lib random: remove ratelimiting for in-kernel unseeded randomness 2022-06-25 11:46:40 +02:00
mm random: move randomize_page() into mm where it belongs 2022-06-25 11:46:40 +02:00
net tcp: increase source port perturb table to 2^16 2022-06-25 11:46:46 +02:00
samples samples/kretprobes: Fix return value if register_kretprobe() failed 2021-11-26 11:40:31 +01:00
scripts modpost: fix undefined behavior of is_arm_mapping_symbol() 2022-06-14 16:54:00 +02:00
security Fix incorrect type in assignment of ipv6 port for audit 2022-04-20 09:08:21 +02:00
sound ASoC: wm8962: Fix suspend while playing music 2022-06-25 11:46:42 +02:00
tools perf c2c: Fix sorting in percent_rmt_hitm_cmp() 2022-06-14 16:53:57 +02:00
usr initramfs: restore default compression behavior 2020-04-13 10:34:19 +02:00
virt KVM: Prevent module exit until all VMs are freed 2022-04-20 09:08:24 +02:00
.cocciconfig
.get_maintainer.ignore
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore kbuild: rpm-pkg: keep spec file until make mrproper 2018-02-13 10:19:46 +01:00
.mailmap .mailmap: Add Maciej W. Rozycki's Imagination e-mail address 2017-11-10 12:16:15 -08:00
COPYING
CREDITS MAINTAINERS: update TPM driver infrastructure changes 2017-11-09 17:58:40 -08:00
Kbuild License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kconfig License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
MAINTAINERS MAINTAINERS: co-maintain random.c 2022-06-25 11:46:29 +02:00
Makefile Linux 4.14.284 2022-06-16 13:01:55 +02:00
README README: add a new README file, pointing to the Documentation/ 2016-10-24 08:12:35 -02:00

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.