brain-hackers_pepepper-mirror/linux-brain
1
0
Fork 0
mirror of https://github.com/brain-hackers/linux-brain.git synced 2024-06-09 23:36:23 +09:00
Code Issues Projects Releases Wiki Activity
Linux kernel source tree for SHARP Brain series (PW-SH1 or later)
888,533 Commits 19 Branches 467 Tags 3.3 GiB
C 97.8%
Assembly 1.4%
Makefile 0.3%
Shell 0.2%
Python 0.1%
Other 0.1%
e46e23c289
Go to file
Eric Dumazet e46e23c289 ipv4: make exception cache less predictible 
[ Upstream commit 67d6d681e15b578c1725bad8ad079e05d1c48a8e ]

Even after commit 6457378fe796 ("ipv4: use siphash instead of Jenkins in
fnhe_hashfun()"), an attacker can still use brute force to learn
some secrets from a victim linux host.

One way to defeat these attacks is to make the max depth of the hash
table bucket a random value.

Before this patch, each bucket of the hash table used to store exceptions
could contain 6 items under attack.

After the patch, each bucket would contains a random number of items,
between 6 and 10. The attacker can no longer infer secrets.

This is slightly increasing memory size used by the hash table,
by 50% in average, we do not expect this to be a problem.

This patch is more complex than the prior one (IPv6 equivalent),
because IPv4 was reusing the oldest entry.
Since we need to be able to evict more than one entry per
update_or_create_fnhe() call, I had to replace
fnhe_oldest() with fnhe_remove_oldest().

Also note that we will queue extra kfree_rcu() calls under stress,
which hopefully wont be a too big issue.

Fixes: 4895c771c7 ("ipv4: Add FIB nexthop exceptions.")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Keyu Man <kman001@ucr.edu>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Reviewed-by: David Ahern <dsahern@kernel.org>
Tested-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-09-15 09:47:37 +02:00
arch arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7 2021-09-15 09:47:34 +02:00
block blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() 2021-08-12 13:20:58 +02:00
certs certs: Trigger creation of RSA module signing key if it's not an RSA key 2021-09-15 09:47:29 +02:00
crypto crypto: shash - avoid comparing pointers to exported functions under CFI 2021-07-14 16:53:13 +02:00
Documentation KVM: X86: MMU: Use the correct inherited permissions to get shadow page 2021-08-15 13:08:04 +02:00
drivers brcmfmac: pcie: fix oops on failure to resume and reprobe 2021-09-15 09:47:37 +02:00
fs CIFS: Fix a potencially linear read overflow 2021-09-15 09:47:36 +02:00
include PM: EM: Increase energy calculation precision 2021-09-15 09:47:33 +02:00
init kbuild: add CONFIG_LD_IS_LLD 2021-06-30 08:47:44 -04:00
ipc ipc/util.c: sysvipc_find_ipc() incorrectly updates position index 2020-05-20 08:20:16 +02:00
kernel bpf: Fix possible out of bound write in narrow load handling 2021-09-15 09:47:36 +02:00
lib lib/mpi: use kcalloc in mpi_resize 2021-09-15 09:47:29 +02:00
LICENSES LICENSES: Rename other to deprecated 2019-05-03 06:34:32 -06:00
mm mm/page_alloc: speed up the iteration of max_order 2021-09-12 08:56:41 +02:00
net ipv4: make exception cache less predictible 2021-09-15 09:47:37 +02:00
samples samples/bpf: Fix the error return code of xdp_redirect's main() 2021-07-14 16:53:30 +02:00
scripts scripts/tracing: fix the bug that can't parse raw_trace_func 2021-08-12 13:21:00 +02:00
security smackfs: restrict bytes count in smk_set_cipso() 2021-07-19 08:53:18 +02:00
sound ASoC: wcd9335: Disable irq on slave ports in the remove function 2021-09-15 09:47:37 +02:00
tools bpf: Fix a typo of reuseport map in bpf.h. 2021-09-15 09:47:30 +02:00
usr initramfs: restore default compression behavior 2020-04-08 09:08:38 +02:00
virt KVM: Do not leak memory for duplicate debugfs directories 2021-08-12 13:21:03 +02:00
.clang-format clang-format: Update with the latest for_each macro list 2019-08-31 10:00:51 +02:00
.cocciconfig
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore Modules updates for v5.4 2019-09-22 10:34:46 -07:00
.mailmap ARM: SoC fixes 2019-11-10 13:41:59 -08:00
COPYING COPYING: use the new text with points to the license files 2018-03-23 12:41:45 -06:00
CREDITS MAINTAINERS: Remove Simon as Renesas SoC Co-Maintainer 2019-10-10 08:12:51 -07:00
Kbuild kbuild: do not descend to ./Kbuild when cleaning 2019-08-21 21:03:58 +09:00
Kconfig docs: kbuild: convert docs to ReST and rename to *.rst 2019-06-14 14:21:21 -06:00
MAINTAINERS Documentation/llvm: add documentation on building w/ Clang/LLVM 2020-08-26 10:40:46 +02:00
Makefile Linux 5.4.145 2021-09-12 08:56:42 +02:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.