Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

ipv6: switch inet6_acaddr_hash() to less predictable hash

commit 2384d02520ff ("net/ipv6: Add anycast addresses to a global hashtable")
added inet6_acaddr_hash(), using ipv6_addr_hash() and net_hash_mix()
to get hash spreading for typical users.

However ipv6_addr_hash() is highly predictable and a malicious user
could abuse a specific hash bucket.

Switch to __ipv6_addr_jhash(). We could use a dedicated
secret, or reuse net_hash_mix() as I did in this patch.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20241008121307.800040-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Authored by Eric Dumazet and committed by Jakub Kicinski
4daf4dc2 4a0ec2aa

+3 -2
net/ipv6/anycast.c
··· 49 49 50 50 static int ipv6_dev_ac_dec(struct net_device *dev, const struct in6_addr *addr); 51 51 52 - static u32 inet6_acaddr_hash(struct net *net, const struct in6_addr *addr) 52 + static u32 inet6_acaddr_hash(const struct net *net, 53 + const struct in6_addr *addr) 53 54 { 54 - u32 val = ipv6_addr_hash(addr) ^ net_hash_mix(net); 55 + u32 val = __ipv6_addr_jhash(addr, net_hash_mix(net)); 55 56 56 57 return hash_32(val, IN6_ADDR_HSIZE_SHIFT); 57 58 }
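Review bot: In inet6_acaddr_hash(), the only input an outside party cannot choose is net_hash_mix(net), now passed as the second argument of __ipv6_addr_jhash(), and nothing in the function says so. A one-line comment above the function noting that the per-netns mix is what keeps the anycast bucket choice hard to predict (and that a dedicated secret was the alternative considered, per the commit message) would make it less likely that someone later simplifies this back to the XOR of ipv6_addr_hash(addr) and net_hash_mix(net). The added const on the net parameter is consistent with the function only reading from it. The final hash_32(val, IN6_ADDR_HSIZE_SHIFT) step is unchanged, so the table size and bucket indexing are not affected by this hunk.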