Commit 7f19fc5e authored by Daniel Borkmann's avatar Daniel Borkmann Committed by David S. Miller
Browse files

netlink: use jhash as hashfn for rhashtable 

For netlink, we shouldn't be using arch_fast_hash() as a hashing
discipline, but rather jhash() instead.

Since netlink sockets can be opened by any user, a local attacker
would be able to easily create collisions with the DPDK-derived
arch_fast_hash(), which trades off performance for security by
using crc32 CPU instructions on x86_64.

While it might have a legimite use case in other places, it should
be avoided in netlink context, though. As rhashtable's API is very
flexible, we could later on still decide on other hashing disciplines,
if legitimate.

Reference: http://thread.gmane.org/gmane.linux.kernel/1844123


Fixes: e341694e ("netlink: Convert netlink_lookup() to use RCU protected hash table")
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
Acked-by: default avatarThomas Graf <tgraf@suug.ch>
Acked-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 7d339890

net/netlink/af_netlink.c

+1 −1
Original line number Diff line number Diff line
@@ -3129,7 +3129,7 @@ static int __init netlink_proto_init(void) 
		.head_offset = offsetof(struct netlink_sock, node),

		.key_offset = offsetof(struct netlink_sock, portid),

		.key_len = sizeof(u32), /* portid */

		.hashfn = arch_fast_hash,

		.hashfn = jhash,

		.max_shift = 16, /* 64K */

		.grow_decision = rht_grow_above_75,

		.shrink_decision = rht_shrink_below_30,

CRA Git | Maintained and supported by SUSTech CRA and CCSE