mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-26 20:38:12 +00:00
Code Issues Releases Wiki Activity
No description
734888 commits 105 branches 5097 tags 5.6 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
Find a file
Stewart Smith ebfedbfb36 tcp: Reduce chance of collisions in inet6_hashfn(). 
[ Upstream commit d11b0df7dd ]

For both IPv4 and IPv6 incoming TCP connections are tracked in a hash
table with a hash over the source & destination addresses and ports.
However, the IPv6 hash is insufficient and can lead to a high rate of
collisions.

The IPv6 hash used an XOR to fit everything into the 96 bits for the
fast jenkins hash, meaning it is possible for an external entity to
ensure the hash collides, thus falling back to a linear search in the
bucket, which is slow.

We take the approach of hash the full length of IPv6 address in
__ipv6_addr_jhash() so that all users can benefit from a more secure
version.

While this may look like it adds overhead, the reality of modern CPUs
means that this is unmeasurable in real world scenarios.

In simulating with llvm-mca, the increase in cycles for the hashing
code was ~16 cycles on Skylake (from a base of ~155), and an extra ~9
on Nehalem (base of ~173).

In commit dd6d2910c5 ("netfilter: conntrack: switch to siphash")
netfilter switched from a jenkins hash to a siphash, but even the faster
hsiphash is a more significant overhead (~20-30%) in some preliminary
testing.  So, in this patch, we keep to the more conservative approach to
ensure we don't add much overhead per SYN.

In testing, this results in a consistently even spread across the
connection buckets.  In both testing and real-world scenarios, we have
not found any measurable performance impact.

Fixes: 08dcdbf6a7 ("ipv6: use a stronger hash for tcp")
Signed-off-by: Stewart Smith <trawets@amazon.com>
Signed-off-by: Samuel Mendoza-Jonas <samjonas@amazon.com>
Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20230721222410.17914-1-kuniyu@amazon.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-08-11 11:33:50 +02:00
arch xtensa: ISS: fix call to split_if_spec 2023-08-11 11:33:46 +02:00
block block: bio-integrity: Copy flags when bio_integrity_payload is cloned 2023-03-11 16:26:35 +01:00
certs certs/blacklist_hashes.c: fix const confusion in certs blacklist 2022-06-25 11:46:44 +02:00
crypto verify_pefile: relax wrapper length check 2023-04-20 12:02:12 +02:00
Documentation Documentation/x86: Fix backwards on/off logic about YMM support 2023-08-08 19:48:25 +02:00
drivers ethernet: atheros: fix return value check in atl1e_tso_csum() 2023-08-11 11:33:50 +02:00
firmware
fs ext4: correct inline offset when handling xattrs in inode body 2023-08-11 11:33:47 +02:00
include tcp: Reduce chance of collisions in inet6_hashfn(). 2023-08-11 11:33:50 +02:00
init init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() 2023-08-08 19:48:24 +02:00
ipc ipc/sem: Fix dangling sem_array access in semtimedop race 2022-12-08 11:16:33 +01:00
kernel bpf: Address KCSAN report on bpf_lru_list 2023-08-11 11:33:48 +02:00
lib debugobjects: Recheck debug_objects_enabled before reporting 2023-08-11 11:33:47 +02:00
mm treewide: Remove uninitialized_var() usage 2023-08-11 11:33:32 +02:00
net ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address 2023-08-11 11:33:50 +02:00
samples
scripts modpost: fix off by one in is_executable_section() 2023-08-11 11:33:38 +02:00
security integrity: Fix possible multiple allocation in integrity_inode_get() 2023-08-11 11:33:41 +02:00
sound ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer 2023-08-11 11:33:37 +02:00
tools perf probe: Add test for regression introduced by switch to die_get_decl_file() 2023-08-11 11:33:47 +02:00
usr
virt KVM: arm64: vgic: Fix exit condition in scan_its_table() 2022-11-03 23:50:50 +09:00
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore
.mailmap
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS Remove DECnet support from kernel 2023-06-21 15:38:58 +02:00
Makefile Linux 4.14.321 2023-08-08 19:48:26 +02:00
README

README 

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.