netns: provide pure entropy for net_hash_mix() (355b9855) · Commits · 戴 / test

net_hash_mix() currently uses kernel address of a struct net, and is used in many places that could be used to reveal this address to a patient attacker, thus defeating KASLR, for the typical case (initial net namespace, &init_net is not dynamically allocated) I believe the original implementation tried to avoid spending too many cycles in this function, but security comes first. Also provide entropy regardless of CONFIG_NET_NS. Fixes: ("netns: introduce the net_hash_mix "salt" for hashes") Signed-off-by:

Eric Dumazet <edumazet@google.com> Reported-by:

Amit Klein <aksecurity@gmail.com> Reported-by:

Benny Pinkas <benny@pinkas.net> Cc: Pavel Emelyanov <xemul@openvz.org> Signed-off-by:

David S. Miller <davem@davemloft.net>

include/net/net_namespace.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -59,6 +59,7 @@ struct net {
		*/
		spinlock_t rules_mod_lock;

		u32 hash_mix;
		atomic64_t cookie_gen;

		struct list_head list; /* list of network namespaces */

include/net/netns/hash.h

+2 −8

Original line number	Diff line number	Diff line
		@@ -2,16 +2,10 @@
		#ifndef __NET_NS_HASH_H__
		#define __NET_NS_HASH_H__

		#include <asm/cache.h>

		struct net;
		#include <net/net_namespace.h>

		static inline u32 net_hash_mix(const struct net *net)
		{
		#ifdef CONFIG_NET_NS
		return (u32)(((unsigned long)net) >> ilog2(sizeof(*net)));
		#else
		return 0;
		#endif
		return net->hash_mix;
		}
		#endif

net/core/net_namespace.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -304,6 +304,7 @@ static __net_init int setup_net(struct net net, struct user_namespace user_ns)

		refcount_set(&net->count, 1);
		refcount_set(&net->passive, 1);
		get_random_bytes(&net->hash_mix, sizeof(u32));
		net->dev_base_seq = 1;
		net->user_ns = user_ns;
		idr_init(&net->netns_ids);

Admin message