git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commit

author	Willy Tarreau <w@1wt.eu>
	Mon, 2 May 2022 08:46:08 +0000 (10:46 +0200)
committer	Stefan Bader <stefan.bader@canonical.com>
	Wed, 10 Aug 2022 07:22:13 +0000 (09:22 +0200)
commit	f7494a352fa01909a0fc4467d7046c377c576a15
tree	6da7798c5a0717dadeffff1081ac8526548af15b	tree
parent	c4539e546d9365974931e46b0e05d85b4e928b08	commit \| diff

secure_seq: use the 64 bits of the siphash for port offset calculation

BugLink: https://bugs.launchpad.net/bugs/1980278
[ Upstream commit b2d057560b8107c633b39aabe517ff9d93f285e3 ]

SipHash replaced MD5 in secure_ipv{4,6}_port_ephemeral() via commit
7cd23e5300c1 ("secure_seq: use SipHash in place of MD5"), but the output
remained truncated to 32-bit only. In order to exploit more bits from the
hash, let's make the functions return the full 64-bit of siphash_3u32().
We also make sure the port offset calculation in __inet_hash_connect()
remains done on 32-bit to avoid the need for div_u64_rem() and an extra
cost on 32-bit systems.

Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: Moshe Kol <moshe.kol@mail.huji.ac.il>
Cc: Yossi Gilad <yossi.gilad@mail.huji.ac.il>
Cc: Amit Klein <aksecurity@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

include/net/inet_hashtables.h		diff \| blob \| blame \| history
include/net/secure_seq.h		diff \| blob \| blame \| history
net/core/secure_seq.c		diff \| blob \| blame \| history
net/ipv4/inet_hashtables.c		diff \| blob \| blame \| history
net/ipv6/inet6_hashtables.c		diff \| blob \| blame \| history