Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp329696ybi; Fri, 7 Jun 2019 08:43:58 -0700 (PDT) X-Google-Smtp-Source: APXvYqzLLKnHJz0YMrguJbEi8V8n233hv13gJEPbWlrsgcBFgKr2aI6SmjGoFK1m82yKwNT9eX8o X-Received: by 2002:a63:445b:: with SMTP id t27mr3377883pgk.56.1559922238528; Fri, 07 Jun 2019 08:43:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1559922238; cv=none; d=google.com; s=arc-20160816; b=jtTrPwa/fdcQfhn2Kb8DkVQCTAA6FpwFACFGMlUHTmcqC8B/MSkE0u6hbj9OOaX1De BzpJgrOCLA4Q9kWMn58WTXuxKzktQXRxbqW/0m9bwc+9pma1b5lWcLZtMbMmSK4sACOh Gvqf/HbZkfzGtoAObxuaUwSSso112NndJG+h/HZuCsXD5v3Fvqxs7r3vllVAJ4ofduPu WcQHg8rDMwaBDmnvQPIM16mEifuU+VDKr8xixnpi3J2LL9YpT80fs/i4p7NZl5Wyh/Gs eqgJIH+DCU5Ynj6LKNjRqUso37X/Hv13SpeedLVt3Lamy4Fyy46t9TPW6DmQap66MTkp sQAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=vS6e+78viZRpFXgoPS459zeB8Mv9DCsfjxKjYEw1Kf8=; b=g7nYI8c7+o8O51Hiee9/XfcBVgiSpe//+vmkuTh2NBO9LQs70FFXf4n2QJxdRBFB7x 10nVPIuKH2ApkGcDl9uNXmemKZ7QxNkcq3TGqbLocXYXl9VRsYuM82JFhW2ZO62ac7qm 0PST+yep3JYVk8ln0cQM6zHy30+/eEvlEWLvLPjS88QOwNfFZEpqrh4zecdtrHrc9mmR fHQq8k8BO0A3n94wne/Ek4rkc4DUP+qV4YPZ5XluWHz6zP+lmDiJkgAUN1DAdvdqjPem R2pqm35sv1xLj549LSyUvWS2MdTqOdGX5PHPyw3xfD6x1usc8+5CtjFSYCmeigrBpaDi Yuww== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=NN2j7k0i; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d131si2158320pga.594.2019.06.07.08.43.40; Fri, 07 Jun 2019 08:43:58 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=NN2j7k0i; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729699AbfFGPkZ (ORCPT + 99 others); Fri, 7 Jun 2019 11:40:25 -0400 Received: from mail.kernel.org ([198.145.29.99]:49514 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728783AbfFGPkZ (ORCPT ); Fri, 7 Jun 2019 11:40:25 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 29DEF212F5; Fri, 7 Jun 2019 15:40:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1559922023; bh=FyehNmskSxwTTABvJ159kNmgnxJUhpzmIVqPOUhndq0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=NN2j7k0ikttloyYPChFUcwl6vtAHRE8iS9RIFTD8qd8y/DYOBpyYs3QXnyYq+5hlT ufYnBr4a0yhOFo9XDcKiPIAe3x9iZTEltisfXxWGA1EBM9npyfpW6bGp7AvQK+Cjzz MxMIiL5gbDCqDT+lTpG45t70TOZsdYJ6OXz7ODdQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Dumazet , Amit Klein , Benny Pinkas , "David S. Miller" Subject: [PATCH 4.14 01/69] inet: switch IP ID generator to siphash Date: Fri, 7 Jun 2019 17:38:42 +0200 Message-Id: <20190607153848.433338110@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190607153848.271562617@linuxfoundation.org> References: <20190607153848.271562617@linuxfoundation.org> User-Agent: quilt/0.66 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Eric Dumazet [ Upstream commit df453700e8d81b1bdafdf684365ee2b9431fb702 ] According to Amit Klein and Benny Pinkas, IP ID generation is too weak and might be used by attackers. Even with recent net_hash_mix() fix (netns: provide pure entropy for net_hash_mix()) having 64bit key and Jenkins hash is risky. It is time to switch to siphash and its 128bit keys. Signed-off-by: Eric Dumazet Reported-by: Amit Klein Reported-by: Benny Pinkas Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- include/linux/siphash.h | 5 +++++ include/net/netns/ipv4.h | 2 ++ net/ipv4/route.c | 12 +++++++----- net/ipv6/output_core.c | 30 ++++++++++++++++-------------- 4 files changed, 30 insertions(+), 19 deletions(-) --- a/include/linux/siphash.h +++ b/include/linux/siphash.h @@ -21,6 +21,11 @@ typedef struct { u64 key[2]; } siphash_key_t; +static inline bool siphash_key_is_zero(const siphash_key_t *key) +{ + return !(key->key[0] | key->key[1]); +} + u64 __siphash_aligned(const void *data, size_t len, const siphash_key_t *key); #ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS u64 __siphash_unaligned(const void *data, size_t len, const siphash_key_t *key); --- a/include/net/netns/ipv4.h +++ b/include/net/netns/ipv4.h @@ -9,6 +9,7 @@ #include #include #include +#include struct tcpm_hash_bucket; struct ctl_table_header; @@ -164,5 +165,6 @@ struct netns_ipv4 { unsigned int fib_seq; /* protected by rtnl_mutex */ atomic_t rt_genid; + siphash_key_t ip_id_key; }; #endif --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -517,15 +517,17 @@ EXPORT_SYMBOL(ip_idents_reserve); void __ip_select_ident(struct net *net, struct iphdr *iph, int segs) { - static u32 ip_idents_hashrnd __read_mostly; u32 hash, id; - net_get_random_once(&ip_idents_hashrnd, sizeof(ip_idents_hashrnd)); + /* Note the following code is not safe, but this is okay. */ + if (unlikely(siphash_key_is_zero(&net->ipv4.ip_id_key))) + get_random_bytes(&net->ipv4.ip_id_key, + sizeof(net->ipv4.ip_id_key)); - hash = jhash_3words((__force u32)iph->daddr, + hash = siphash_3u32((__force u32)iph->daddr, (__force u32)iph->saddr, - iph->protocol ^ net_hash_mix(net), - ip_idents_hashrnd); + iph->protocol, + &net->ipv4.ip_id_key); id = ip_idents_reserve(hash, segs); iph->id = htons(id); } --- a/net/ipv6/output_core.c +++ b/net/ipv6/output_core.c @@ -10,15 +10,25 @@ #include #include -static u32 __ipv6_select_ident(struct net *net, u32 hashrnd, +static u32 __ipv6_select_ident(struct net *net, const struct in6_addr *dst, const struct in6_addr *src) { + const struct { + struct in6_addr dst; + struct in6_addr src; + } __aligned(SIPHASH_ALIGNMENT) combined = { + .dst = *dst, + .src = *src, + }; u32 hash, id; - hash = __ipv6_addr_jhash(dst, hashrnd); - hash = __ipv6_addr_jhash(src, hash); - hash ^= net_hash_mix(net); + /* Note the following code is not safe, but this is okay. */ + if (unlikely(siphash_key_is_zero(&net->ipv4.ip_id_key))) + get_random_bytes(&net->ipv4.ip_id_key, + sizeof(net->ipv4.ip_id_key)); + + hash = siphash(&combined, sizeof(combined), &net->ipv4.ip_id_key); /* Treat id of 0 as unset and if we get 0 back from ip_idents_reserve, * set the hight order instead thus minimizing possible future @@ -41,7 +51,6 @@ static u32 __ipv6_select_ident(struct ne */ __be32 ipv6_proxy_select_ident(struct net *net, struct sk_buff *skb) { - static u32 ip6_proxy_idents_hashrnd __read_mostly; struct in6_addr buf[2]; struct in6_addr *addrs; u32 id; @@ -53,11 +62,7 @@ __be32 ipv6_proxy_select_ident(struct ne if (!addrs) return 0; - net_get_random_once(&ip6_proxy_idents_hashrnd, - sizeof(ip6_proxy_idents_hashrnd)); - - id = __ipv6_select_ident(net, ip6_proxy_idents_hashrnd, - &addrs[1], &addrs[0]); + id = __ipv6_select_ident(net, &addrs[1], &addrs[0]); return htonl(id); } EXPORT_SYMBOL_GPL(ipv6_proxy_select_ident); @@ -66,12 +71,9 @@ __be32 ipv6_select_ident(struct net *net const struct in6_addr *daddr, const struct in6_addr *saddr) { - static u32 ip6_idents_hashrnd __read_mostly; u32 id; - net_get_random_once(&ip6_idents_hashrnd, sizeof(ip6_idents_hashrnd)); - - id = __ipv6_select_ident(net, ip6_idents_hashrnd, daddr, saddr); + id = __ipv6_select_ident(net, daddr, saddr); return htonl(id); } EXPORT_SYMBOL(ipv6_select_ident);