From patchwork Wed Aug 25 23:17:28 2021 X-Patchwork-Submitter: Eric Dumazet X-Patchwork-Id: 12458643 X-Patchwork-Delegate: kuba@kernel.org
From: Eric Dumazet To: "David S . Miller" , Jakub Kicinski Cc: netdev , Eric Dumazet , Eric Dumazet , Willy Tarreau , Keyu Man , Wei Wang , Martin KaFai Lau Subject: [PATCH net 1/2] ipv6: use siphash in rt6_exception_hash() Date: Wed, 25 Aug 2021 16:17:28 -0700 Message-Id: <20210825231729.401676-2-eric.dumazet@gmail.com> X-Mailer: git-send-email 2.33.0.rc2.250.ged5fa647cd-goog In-Reply-To: <20210825231729.401676-1-eric.dumazet@gmail.com> References: <20210825231729.401676-1-eric.dumazet@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org From: Eric Dumazet A group of security researchers brought to our attention the weakness of hash function used in rt6_exception_hash() Lets use siphash instead of Jenkins Hash, to considerably reduce security risks. Following patch deals with IPv4. Fixes: 35732d01fe31 ("ipv6: introduce a hash table to store dst cache") Signed-off-by: Eric Dumazet Reported-by: Keyu Man Cc: Wei Wang Cc: Martin KaFai Lau Acked-by: Wei Wang --- net/ipv6/route.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/net/ipv6/route.c b/net/ipv6/route.c index b6ddf23d38330ded88509b8507998ce82a72799b..c5e8ecb96426bda619fe242351e40dcf6ff68bcf 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -41,6 +41,7 @@ #include #include #include +#include #include #include #include 
@@ -1484,17 +1485,24 @@ static void rt6_exception_remove_oldest(struct rt6_exception_bucket *bucket) static u32 rt6_exception_hash(const struct in6_addr *dst, const struct in6_addr *src) { - static u32 seed __read_mostly; - u32 val; + static siphash_key_t rt6_exception_key __read_mostly; + struct { + struct in6_addr dst; + struct in6_addr src; + } __aligned(SIPHASH_ALIGNMENT) combined = { + .dst = *dst, + }; + u64 val; - net_get_random_once(&seed, sizeof(seed)); - val = jhash2((const u32 *)dst, sizeof(*dst)/sizeof(u32), seed); + net_get_random_once(&rt6_exception_key, sizeof(rt6_exception_key)); #ifdef CONFIG_IPV6_SUBTREES if (src) - val = jhash2((const u32 *)src, sizeof(*src)/sizeof(u32), val); + combined.src = *src; #endif - return hash_32(val, FIB6_EXCEPTION_BUCKET_SIZE_SHIFT); + val = siphash(&combined, sizeof(combined), &rt6_exception_key); + + return hash_64(val, FIB6_EXCEPTION_BUCKET_SIZE_SHIFT); } /* Helper function to find the cached rt in the hash table From patchwork Wed Aug 25 23:17:29 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Dumazet X-Patchwork-Id: 12458641 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9E6C1C43214 for ; Wed, 25 Aug 2021 23:17:42 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 84CC6610C7 for ; Wed, 25 Aug 2021 23:17:42 +0000 (UTC) Received: 
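Review bot: the zero-initialization of `combined.src` is load-bearing and undocumented in the rt6_exception_hash() hunk: with `.dst = *dst` as the only designated initializer, `src` is zeroed by C semantics, which is what keeps the hash well-defined when CONFIG_IPV6_SUBTREES is off or `src` is NULL, and the two `in6_addr` members carry no padding, so `siphash(&combined, sizeof(combined), &rt6_exception_key)` reads no uninitialized bytes; a short comment on the struct saying so would stop a later member addition from quietly feeding padding into the hashed bytes. Minor: `hash_64()` on a SipHash output adds a multiply without adding mixing, since the 64-bit result is already uniform; it is harmless and consistent with the IPv4 patch, but a comment would make the intent clear. The commit message also states the weakness only generically; a sentence saying that the old 32-bit `seed` fed to `jhash2()` was the problem and that `siphash_key_t` is a 128-bit key, plus a pointer to the researchers' report, would give the Fixes: tag its rationale.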
From: Eric Dumazet To: "David S . Miller" , Jakub Kicinski Cc: netdev , Eric Dumazet , Eric Dumazet , Willy Tarreau , Keyu Man Subject: [PATCH net 2/2] ipv4: use siphash instead of Jenkins in fnhe_hashfun() Date: Wed, 25 Aug 2021 16:17:29 -0700 Message-Id: <20210825231729.401676-3-eric.dumazet@gmail.com> X-Mailer: git-send-email 2.33.0.rc2.250.ged5fa647cd-goog In-Reply-To: <20210825231729.401676-1-eric.dumazet@gmail.com> References: <20210825231729.401676-1-eric.dumazet@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org From: Eric Dumazet A group of security researchers brought to our attention the weakness of hash function used in fnhe_hashfun(). Let's use siphash instead of Jenkins Hash, to considerably reduce security risks. Also remove the inline keyword, this really is distracting. Fixes: d546c621542d ("ipv4: harden fnhe_hashfun()") Signed-off-by: Eric Dumazet Reported-by: Keyu Man Cc: Willy Tarreau --- net/ipv4/route.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 99c06944501ab1a8de0960acfdc9f1825b7079b1..a6f20ee3533554b210d27c4ab6637ca7a05b148b 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c 
@@ -600,14 +600,14 @@ static struct fib_nh_exception *fnhe_oldest(struct fnhe_hash_bucket *hash) return oldest; } -static inline u32 fnhe_hashfun(__be32 daddr) +static u32 fnhe_hashfun(__be32 daddr) { - static u32 fnhe_hashrnd __read_mostly; - u32 hval; + static siphash_key_t fnhe_hash_key __read_mostly; + u64 hval; - net_get_random_once(&fnhe_hashrnd, sizeof(fnhe_hashrnd)); - hval = jhash_1word((__force u32)daddr, fnhe_hashrnd); - return hash_32(hval, FNHE_HASH_SHIFT); + net_get_random_once(&fnhe_hash_key, sizeof(fnhe_hash_key)); + hval = siphash_1u32((__force u32)daddr, &fnhe_hash_key); + return hash_64(hval, FNHE_HASH_SHIFT); } static void fill_route_from_fnhe(struct rtable *rt, struct fib_nh_exception *fnhe)
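Review bot: unlike the IPv6 patch in this series, the fnhe_hashfun() hunk introduces `siphash_key_t` and `siphash_1u32()` without adding `#include <linux/siphash.h>` to net/ipv4/route.c; if the header is only reached transitively today, an explicit include avoids a build break when that indirect path changes. The `(__force u32)` cast of the `__be32` daddr is fine for hashing, since the same byte order is used on every call, but the widening of `hval` from `u32` to `u64` ahead of `hash_64()` deserves a word in the commit message, as the bucket index is now derived from the full 64-bit SipHash result. Dropping `inline` is a reasonable cleanup; the compiler inlines small static functions on its own. Same minor note as for the IPv6 hunk: `hash_64()` over an already-uniform SipHash output is redundant mixing, harmless but worth a comment.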