github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-06 05:27:07 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
Linux kernel source tree
977,168 Commits 1 Branch 933 Tags 20 GiB
C 97%
Assembly 1%
Shell 0.6%
Rust 0.5%
Python 0.4%
Other 0.3%
5867e20e18
Go to file
Eric Dumazet 5867e20e18 ipv4: make exception cache less predictible 
[ Upstream commit 67d6d681e1 ]

Even after commit 6457378fe7 ("ipv4: use siphash instead of Jenkins in
fnhe_hashfun()"), an attacker can still use brute force to learn
some secrets from a victim linux host.

One way to defeat these attacks is to make the max depth of the hash
table bucket a random value.

Before this patch, each bucket of the hash table used to store exceptions
could contain 6 items under attack.

After the patch, each bucket would contains a random number of items,
between 6 and 10. The attacker can no longer infer secrets.

This is slightly increasing memory size used by the hash table,
by 50% in average, we do not expect this to be a problem.

This patch is more complex than the prior one (IPv6 equivalent),
because IPv4 was reusing the oldest entry.
Since we need to be able to evict more than one entry per
update_or_create_fnhe() call, I had to replace
fnhe_oldest() with fnhe_remove_oldest().

Also note that we will queue extra kfree_rcu() calls under stress,
which hopefully wont be a too big issue.

Fixes: 4895c771c7 ("ipv4: Add FIB nexthop exceptions.")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Keyu Man <kman001@ucr.edu>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Reviewed-by: David Ahern <dsahern@kernel.org>
Tested-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-09-15 09:50:45 +02:00
arch arm64: dts: marvell: armada-37xx: Extend PCIe MEM space 2021-09-15 09:50:41 +02:00
block blk-crypto: fix check for too-large dun_bytes 2021-09-15 09:50:30 +02:00
certs certs: Trigger creation of RSA module signing key if it's not an RSA key 2021-09-15 09:50:29 +02:00
crypto crypto: sm2 - fix a memory leak in sm2 2021-07-14 16:56:06 +02:00
Documentation lkdtm: replace SCSI_DISPATCH_CMD with SCSI_QUEUE_RQ 2021-09-15 09:50:42 +02:00
drivers brcmfmac: pcie: fix oops on failure to resume and reprobe 2021-09-15 09:50:45 +02:00
fs CIFS: Fix a potencially linear read overflow 2021-09-15 09:50:43 +02:00
include firmware: raspberrypi: Keep count of all consumers 2021-09-15 09:50:41 +02:00
init sched/core: Initialize the idle task with preemption disabled 2021-07-14 16:55:50 +02:00
ipc ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry 2021-05-26 12:06:54 +02:00
kernel bpf: Fix possible out of bound write in narrow load handling 2021-09-15 09:50:43 +02:00
lib lib/mpi: use kcalloc in mpi_resize 2021-09-15 09:50:29 +02:00
LICENSES LICENSES/deprecated: add Zlib license text 2020-09-16 14:33:49 +02:00
mm mm/page_alloc: speed up the iteration of max_order 2021-09-12 08:58:26 +02:00
net ipv4: make exception cache less predictible 2021-09-15 09:50:45 +02:00
samples samples: pktgen: add missing IPv6 option to pktgen scripts 2021-09-15 09:50:40 +02:00
scripts scripts/tracing: fix the bug that can't parse raw_trace_func 2021-08-12 13:22:12 +02:00
security bpf: Add lockdown check for probe_write_user helper 2021-08-15 14:00:25 +02:00
sound ASoC: wcd9335: Disable irq on slave ports in the remove function 2021-09-15 09:50:44 +02:00
tools libbpf: Re-build libbpf.so when libbpf.map changes 2021-09-15 09:50:40 +02:00
usr Merge branch 'work.fdpic' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-08-07 13:29:39 -07:00
virt KVM: Do not leak memory for duplicate debugfs directories 2021-08-12 13:22:17 +02:00
.clang-format RDMA 5.10 pull request 2020-10-17 11:18:18 -07:00
.cocciconfig
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore kbuild: generate Module.symvers only when vmlinux exists 2021-05-19 10:12:59 +02:00
.mailmap mailmap: add two more addresses of Uwe Kleine-König 2020-12-06 10:19:07 -08:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Move Jason Cooper to CREDITS 2020-11-30 10:20:34 +01:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS f2fs: move ioctl interface definitions to separated file 2021-05-19 10:13:00 +02:00
Makefile Linux 5.10.64 2021-09-12 08:58:28 +02:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.