Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S966730AbcLVTfC (ORCPT ); Thu, 22 Dec 2016 14:35:02 -0500 Received: from mail-lf0-f66.google.com ([209.85.215.66]:33790 "EHLO mail-lf0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S965047AbcLVTe7 (ORCPT ); Thu, 22 Dec 2016 14:34:59 -0500 MIME-Version: 1.0 In-Reply-To: References: <1482425969.2673.5.camel@stressinduktion.org> From: Alexei Starovoitov Date: Thu, 22 Dec 2016 11:34:36 -0800 Message-ID: Subject: Re: BPF hash algo (Re: [kernel-hardening] Re: [PATCH v7 3/6] random: use SipHash in place of MD5) To: Andy Lutomirski Cc: Hannes Frederic Sowa , Daniel Borkmann , "Jason A. Donenfeld" , "kernel-hardening@lists.openwall.com" , "Theodore Ts'o" , Netdev , LKML , Linux Crypto Mailing List , David Laight , Eric Dumazet , Linus Torvalds , Eric Biggers , Tom Herbert , Andi Kleen , "David S. Miller" , Jean-Philippe Aumasson Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 689 Lines: 16 On Thu, Dec 22, 2016 at 9:25 AM, Andy Lutomirski wrote: > On Thu, Dec 22, 2016 at 8:59 AM, Hannes Frederic Sowa > wrote: >> On Thu, 2016-12-22 at 08:07 -0800, Andy Lutomirski wrote: >> >> We don't prevent ebpf programs being loaded based on the digest but >> just to uniquely identify loaded programs from user space and match up >> with their source. > > The commit log talks about using the hash to see if the program has > already been compiled and JITted. If that's done, then a collision > will directly cause the kernel to malfunction. Andy, please read the code. we could have used jhash there just as well. Collisions are fine.