netns: provide pure entropy for net_hash_mix()
net_hash_mix() currently uses kernel address of a struct net, and is used in many places that could be used to reveal this address to a patient attacker, thus defeating KASLR, for the typical case (initial net namespace, &init_net is not dynamically allocated)

I believe the original implementation tried to avoid spending too many cycles in this function, but security comes first.

Also provide entropy regardless of CONFIG_NET_NS.

Fixes: 0b44191 ("netns: introduce the net_hash_mix "salt" for hashes")
Signed-off-by: Eric Dumazet <firstname.lastname@example.org>
Reported-by: Amit Klein <email@example.com>
Reported-by: Benny Pinkas <firstname.lastname@example.org>
Cc: Pavel Emelyanov <email@example.com>
Signed-off-by: David S. Miller <firstname.lastname@example.org>
Showing with 4 additions and 8 deletions.