diff options
author | Ben Hutchings <ben@decadent.org.uk> | 2019-05-07 19:06:28 +0100 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2019-05-07 19:06:28 +0100 |
commit | 94bf804d87ef1ebb83ebf2e369d8f8e4fdfe4bcb (patch) | |
tree | 9b197191cf4e422c9ee3edb8c8dbdaa78a9987f9 | |
parent | db74084370b3bdff64de28f2bc4252bd58faaea2 (diff) | |
download | linux-stable-queue-94bf804d87ef1ebb83ebf2e369d8f8e4fdfe4bcb.tar.gz |
Apply backported fix for IP ID randomisation
-rw-r--r-- | queue-3.16/inet-update-the-ip-id-generation-algorithm-to-higher-standards.patch | 60 | ||||
-rw-r--r-- | queue-3.16/series | 1 |
2 files changed, 61 insertions, 0 deletions
diff --git a/queue-3.16/inet-update-the-ip-id-generation-algorithm-to-higher-standards.patch b/queue-3.16/inet-update-the-ip-id-generation-algorithm-to-higher-standards.patch new file mode 100644 index 00000000..8b9855f2 --- /dev/null +++ b/queue-3.16/inet-update-the-ip-id-generation-algorithm-to-higher-standards.patch @@ -0,0 +1,60 @@ +From: Amit Klein <aksecurity@gmail.com> +Date: Thu, 18 Apr 2019 21:07:11 +0000 +Subject: inet: update the IP ID generation algorithm to higher standards. + +Commit 355b98553789 ("netns: provide pure entropy for net_hash_mix()") +makes net_hash_mix() return a true 32 bits of entropy. When used in the +IP ID generation algorithm, this has the effect of extending the IP ID +generation key from 32 bits to 64 bits. + +However, net_hash_mix() is only used for IP ID generation starting with +kernel version 4.1. Therefore, earlier kernels remain with 32-bit key +no matter what the net_hash_mix() return value is. + +This change addresses the issue by explicitly extending the key to 64 +bits for kernels older than 4.1. + +Signed-off-by: Amit Klein <aksecurity@gmail.com> +Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +--- + net/ipv4/route.c | 4 +++- + net/ipv6/ip6_output.c | 3 +++ + 2 files changed, 6 insertions(+), 1 deletion(-) + +--- a/net/ipv4/route.c ++++ b/net/ipv4/route.c +@@ -487,13 +487,15 @@ EXPORT_SYMBOL(ip_idents_reserve); + void __ip_select_ident(struct iphdr *iph, int segs) + { + static u32 ip_idents_hashrnd __read_mostly; ++ static u32 ip_idents_hashrnd_extra __read_mostly; + u32 hash, id; + + net_get_random_once(&ip_idents_hashrnd, sizeof(ip_idents_hashrnd)); ++ net_get_random_once(&ip_idents_hashrnd_extra, sizeof(ip_idents_hashrnd_extra)); + + hash = jhash_3words((__force u32)iph->daddr, + (__force u32)iph->saddr, +- iph->protocol, ++ iph->protocol ^ ip_idents_hashrnd_extra, + ip_idents_hashrnd); + id = ip_idents_reserve(hash, segs); + iph->id = htons(id); +--- a/net/ipv6/ip6_output.c ++++ b/net/ipv6/ip6_output.c +@@ -541,12 +541,15 @@ static void ip6_copy_metadata(struct sk_ + static void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt) + { + static u32 ip6_idents_hashrnd __read_mostly; ++ static u32 ip6_idents_hashrnd_extra __read_mostly; + u32 hash, id; + + net_get_random_once(&ip6_idents_hashrnd, sizeof(ip6_idents_hashrnd)); ++ net_get_random_once(&ip6_idents_hashrnd_extra, sizeof(ip6_idents_hashrnd_extra)); + + hash = __ipv6_addr_jhash(&rt->rt6i_dst.addr, ip6_idents_hashrnd); + hash = __ipv6_addr_jhash(&rt->rt6i_src.addr, hash); ++ hash = jhash_1word(hash, ip6_idents_hashrnd_extra); + + id = ip_idents_reserve(hash, 1); + fhdr->identification = htonl(id); diff --git a/queue-3.16/series b/queue-3.16/series index 12d609bd..3807a922 100644 --- a/queue-3.16/series +++ b/queue-3.16/series @@ -1,2 +1,3 @@ revert-brcmfmac-assure-ssid-length--from-firmware-is-limited.patch brcmfmac-add-length-checks-in-scheduled-scan-result-handler.patch +inet-update-the-ip-id-generation-algorithm-to-higher-standards.patch |