Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp891983rwb; Mon, 26 Sep 2022 07:10:50 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6OcTxaPzRN47cNxRV/ubYfgFHkzHPwpnGoMFYLNZ7qUxJ/ohjVm/b44DKWyuwiC33tIon3 X-Received: by 2002:a17:907:74a:b0:77e:9455:b4e1 with SMTP id xc10-20020a170907074a00b0077e9455b4e1mr18757271ejb.462.1664201449798; Mon, 26 Sep 2022 07:10:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1664201449; cv=none; d=google.com; s=arc-20160816; b=LlFbt/0zd2PQOXSrO9BTbogSXaLPAtoY+RFuzx6e+6uWzw0y8TQSUXdvvKaRBouTjm kLgz1rJylNj9MoEABpjJp2aiBIVg7UnkPBiwMtG+ajYjQNxLpitUiOOLyLvpBS+iCg+e 3wzqFZCO4pl2ZSIxv8jOzv/kTvEH8MO0mhNyZMf3X2YhUtKEJ3WBVP8asEwR1389COXN bUZ2e0Uj8TLcddJw3Lhw2pacXP4bIWWPoP+b5jiQEW04bTydew9oT1+ozGuNH351Tsd5 1rX9nfM1wDr6MhZ2VRuNx34lJsFrK53+950smMZSNkvJ0AN7F2NjXZngxETVb3AUGTRc 2UnQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=iegcVo8qsi6wuvoveeUIfm25bPYVZZwjQHoUHNARBI8=; b=SIx3mTQHwFi+qIbpxt9yWEtccE0HZx7jnPQm72H0BYHHWvXZ1iAQ959Vcn4fsP8+TB SHACfYe724xS8WDvEzUHF8/IVK7CQTwXrQ5euRVkT9VR4Q3ph2H3En3VGA7ymJMS/Kcj H4tELZ5Gln9VBRmLPhrY/ELdN3P7maNkTFLQkrb2JJa5k1UkBjLDXOKyvf230dP4cMW3 /4EI1j7F9gwjUbCQ8bqXi2qMRCpkKVa0UJwmZ6Toou689dyW5hl5LsNT6EVaDYdgx7gE 51vW/0k38aE2KVLHQRt7gGEgTXNmYZlm6jSjPcANDS35utWpWmjCE3r6Gsp+4KrrlBNi PmUw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=rcrG1LL4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id cw16-20020a170906479000b00782650a2738si58675ejc.24.2022.09.26.07.10.12; Mon, 26 Sep 2022 07:10:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=rcrG1LL4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235295AbiIZN3p (ORCPT + 99 others); Mon, 26 Sep 2022 09:29:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48598 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235452AbiIZN2w (ORCPT ); Mon, 26 Sep 2022 09:28:52 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B2DB81DB548; Mon, 26 Sep 2022 04:53:13 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 06F7460D30; Mon, 26 Sep 2022 10:37:17 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 094EBC43470; Mon, 26 Sep 2022 10:37:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1664188636; bh=oltk1OjiNQorMNCdlqIIDzftepr4ZhS75pVgiLfx544=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=rcrG1LL4bw5KBHZVqQeveDNYS3bAKWg1dXx0PRYxJ+lxAwwSWdumeT+wJrivn2nJZ 2vR2YXWgzWVDyZT0XrMwRbDrxE0B5USvAFn13pc/+072Fex5pZdmelA+TN92F7ieGg HMyTcalAkMg9RsrwzEXfaQRy5CJ3a/Ir/D5Uwcas= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ludovic Cintrat , "David S. Miller" , Sasha Levin Subject: [PATCH 5.15 072/148] net: core: fix flow symmetric hash Date: Mon, 26 Sep 2022 12:11:46 +0200 Message-Id: <20220926100758.733849813@linuxfoundation.org> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20220926100756.074519146@linuxfoundation.org> References: <20220926100756.074519146@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Ludovic Cintrat [ Upstream commit 64ae13ed478428135cddc2f1113dff162d8112d4 ] __flow_hash_consistentify() wrongly swaps ipv4 addresses in few cases. This function is indirectly used by __skb_get_hash_symmetric(), which is used to fanout packets in AF_PACKET. Intrusion detection systems may be impacted by this issue. __flow_hash_consistentify() computes the addresses difference then swaps them if the difference is negative. In few cases src - dst and dst - src are both negative. The following snippet mimics __flow_hash_consistentify(): ``` #include #include int main(int argc, char** argv) { int diffs_d, diffd_s; uint32_t dst = 0xb225a8c0; /* 178.37.168.192 --> 192.168.37.178 */ uint32_t src = 0x3225a8c0; /* 50.37.168.192 --> 192.168.37.50 */ uint32_t dst2 = 0x3325a8c0; /* 51.37.168.192 --> 192.168.37.51 */ diffs_d = src - dst; diffd_s = dst - src; printf("src:%08x dst:%08x, diff(s-d)=%d(0x%x) diff(d-s)=%d(0x%x)\n", src, dst, diffs_d, diffs_d, diffd_s, diffd_s); diffs_d = src - dst2; diffd_s = dst2 - src; printf("src:%08x dst:%08x, diff(s-d)=%d(0x%x) diff(d-s)=%d(0x%x)\n", src, dst2, diffs_d, diffs_d, diffd_s, diffd_s); return 0; } ``` Results: src:3225a8c0 dst:b225a8c0, \ diff(s-d)=-2147483648(0x80000000) \ diff(d-s)=-2147483648(0x80000000) src:3225a8c0 dst:3325a8c0, \ diff(s-d)=-16777216(0xff000000) \ diff(d-s)=16777216(0x1000000) In the first case the addresses differences are always < 0, therefore __flow_hash_consistentify() always swaps, thus dst->src and src->dst packets have differents hashes. Fixes: c3f8324188fa8 ("net: Add full IPv6 addresses to flow_keys") Signed-off-by: Ludovic Cintrat Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- net/core/flow_dissector.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c index bc50bd331d5b..1c34e2266578 100644 --- a/net/core/flow_dissector.c +++ b/net/core/flow_dissector.c @@ -1519,9 +1519,8 @@ static inline void __flow_hash_consistentify(struct flow_keys *keys) switch (keys->control.addr_type) { case FLOW_DISSECTOR_KEY_IPV4_ADDRS: - addr_diff = (__force u32)keys->addrs.v4addrs.dst - - (__force u32)keys->addrs.v4addrs.src; - if (addr_diff < 0) + if ((__force u32)keys->addrs.v4addrs.dst < + (__force u32)keys->addrs.v4addrs.src) swap(keys->addrs.v4addrs.src, keys->addrs.v4addrs.dst); if ((__force u16)keys->ports.dst < -- 2.35.1