Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a9de6f42 authored by Eric Dumazet's avatar Eric Dumazet Committed by Greg Kroah-Hartman
Browse files

net/flow_dissector: switch to siphash 



commit 55667441c84fa5e0911a0aac44fb059c15ba6da2 upstream.

UDP IPv6 packets auto flowlabels are using a 32bit secret
(static u32 hashrnd in net/core/flow_dissector.c) and
apply jhash() over fields known by the receivers.

Attackers can easily infer the 32bit secret and use this information
to identify a device and/or user, since this 32bit secret is only
set at boot time.

Really, using jhash() to generate cookies sent on the wire
is a serious security concern.

Trying to change the rol32(hash, 16) in ip6_make_flowlabel() would be
a dead end. Trying to periodically change the secret (like in sch_sfq.c)
could change paths taken in the network for long lived flows.

Let's switch to siphash, as we did in commit df453700e8d8
("inet: switch IP ID generator to siphash")

Using a cryptographically strong pseudo random function will solve this
privacy issue and more generally remove other weak points in the stack.

Packet schedulers using skb_get_hash_perturb() benefit from this change.

Fixes: b5677416 ("ipv6: Enable auto flow labels by default")
Fixes: 42240901 ("ipv6: Implement different admin modes for automatic flow labels")
Fixes: 67800f9b ("ipv6: Call skb_get_hash_flowi6 to get skb->hash in ip6_make_flowlabel")
Fixes: cb1ce2ef ("ipv6: Implement automatic flow label generation on transmit")
Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Reported-by: default avatarJonathan Berger <jonathann1@walla.com>
Reported-by: default avatarAmit Klein <aksecurity@gmail.com>
Reported-by: default avatarBenny Pinkas <benny@pinkas.net>
Cc: Tom Herbert <tom@herbertland.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 4fa6002a

include/linux/skbuff.h

+2 −1
Original line number Diff line number Diff line
@@ -1228,7 +1228,8 @@ static inline __u32 skb_get_hash_flowi6(struct sk_buff *skb, const struct flowi6 
	return skb->hash;

}



__u32 skb_get_hash_perturb(const struct sk_buff *skb, u32 perturb);

__u32 skb_get_hash_perturb(const struct sk_buff *skb,

			   const siphash_key_t *perturb);



static inline __u32 skb_get_hash_raw(const struct sk_buff *skb)

{

include/net/flow_dissector.h

+2 −1
Original line number Diff line number Diff line
@@ -4,6 +4,7 @@ 


#include <linux/types.h>

#include <linux/in6.h>

#include <linux/siphash.h>

#include <uapi/linux/if_ether.h>



/**
@@ -229,7 +230,7 @@ struct flow_dissector { 
struct flow_keys {

	struct flow_dissector_key_control control;

#define FLOW_KEYS_HASH_START_FIELD basic

	struct flow_dissector_key_basic basic;

	struct flow_dissector_key_basic basic __aligned(SIPHASH_ALIGNMENT);

	struct flow_dissector_key_tags tags;

	struct flow_dissector_key_vlan vlan;

	struct flow_dissector_key_keyid keyid;

include/net/fq.h

+1 −1
Original line number Diff line number Diff line
@@ -70,7 +70,7 @@ struct fq { 
	struct list_head backlogs;

	spinlock_t lock;

	u32 flows_cnt;

	u32 perturbation;

	siphash_key_t	perturbation;

	u32 limit;

	u32 memory_limit;

	u32 memory_usage;

include/net/fq_impl.h

+2 −2
Original line number Diff line number Diff line
@@ -105,7 +105,7 @@ static struct fq_flow *fq_flow_classify(struct fq *fq, 


	lockdep_assert_held(&fq->lock);



	hash = skb_get_hash_perturb(skb, fq->perturbation);

	hash = skb_get_hash_perturb(skb, &fq->perturbation);

	idx = reciprocal_scale(hash, fq->flows_cnt);

	flow = &fq->flows[idx];
@@ -255,7 +255,7 @@ static int fq_init(struct fq *fq, int flows_cnt) 
	INIT_LIST_HEAD(&fq->backlogs);

	spin_lock_init(&fq->lock);

	fq->flows_cnt = max_t(u32, flows_cnt, 1);

	fq->perturbation = prandom_u32();

	get_random_bytes(&fq->perturbation, sizeof(fq->perturbation));

	fq->quantum = 300;

	fq->limit = 8192;

	fq->memory_limit = 16 << 20; /* 16 MBytes */

net/core/flow_dissector.c

+20 −28
Original line number Diff line number Diff line
@@ -889,45 +889,34 @@ bool __skb_flow_dissect(const struct sk_buff *skb, 
}

EXPORT_SYMBOL(__skb_flow_dissect);



static u32 hashrnd __read_mostly;

static siphash_key_t hashrnd __read_mostly;

static __always_inline void __flow_hash_secret_init(void)

{

	net_get_random_once(&hashrnd, sizeof(hashrnd));

}



static __always_inline u32 __flow_hash_words(const u32 *words, u32 length,

					     u32 keyval)

static const void *flow_keys_hash_start(const struct flow_keys *flow)

{

	return jhash2(words, length, keyval);

}



static inline const u32 *flow_keys_hash_start(const struct flow_keys *flow)

{

	const void *p = flow;



	BUILD_BUG_ON(FLOW_KEYS_HASH_OFFSET % sizeof(u32));

	return (const u32 *)(p + FLOW_KEYS_HASH_OFFSET);

	BUILD_BUG_ON(FLOW_KEYS_HASH_OFFSET % SIPHASH_ALIGNMENT);

	return &flow->FLOW_KEYS_HASH_START_FIELD;

}



static inline size_t flow_keys_hash_length(const struct flow_keys *flow)

{

	size_t diff = FLOW_KEYS_HASH_OFFSET + sizeof(flow->addrs);

	BUILD_BUG_ON((sizeof(*flow) - FLOW_KEYS_HASH_OFFSET) % sizeof(u32));

	BUILD_BUG_ON(offsetof(typeof(*flow), addrs) !=

		     sizeof(*flow) - sizeof(flow->addrs));

	size_t len = offsetof(typeof(*flow), addrs) - FLOW_KEYS_HASH_OFFSET;



	switch (flow->control.addr_type) {

	case FLOW_DISSECTOR_KEY_IPV4_ADDRS:

		diff -= sizeof(flow->addrs.v4addrs);

		len += sizeof(flow->addrs.v4addrs);

		break;

	case FLOW_DISSECTOR_KEY_IPV6_ADDRS:

		diff -= sizeof(flow->addrs.v6addrs);

		len += sizeof(flow->addrs.v6addrs);

		break;

	case FLOW_DISSECTOR_KEY_TIPC_ADDRS:

		diff -= sizeof(flow->addrs.tipcaddrs);

		len += sizeof(flow->addrs.tipcaddrs);

		break;

	}

	return (sizeof(*flow) - diff) / sizeof(u32);

	return len;

}



__be32 flow_get_u32_src(const struct flow_keys *flow)
@@ -993,13 +982,14 @@ static inline void __flow_hash_consistentify(struct flow_keys *keys) 
	}

}



static inline u32 __flow_hash_from_keys(struct flow_keys *keys, u32 keyval)

static inline u32 __flow_hash_from_keys(struct flow_keys *keys,

					const siphash_key_t *keyval)

{

	u32 hash;



	__flow_hash_consistentify(keys);



	hash = __flow_hash_words(flow_keys_hash_start(keys),

	hash = siphash(flow_keys_hash_start(keys),

		       flow_keys_hash_length(keys), keyval);

	if (!hash)

		hash = 1;
@@ -1010,12 +1000,13 @@ static inline u32 __flow_hash_from_keys(struct flow_keys *keys, u32 keyval) 
u32 flow_hash_from_keys(struct flow_keys *keys)

{

	__flow_hash_secret_init();

	return __flow_hash_from_keys(keys, hashrnd);

	return __flow_hash_from_keys(keys, &hashrnd);

}

EXPORT_SYMBOL(flow_hash_from_keys);



static inline u32 ___skb_get_hash(const struct sk_buff *skb,

				  struct flow_keys *keys, u32 keyval)

				  struct flow_keys *keys,

				  const siphash_key_t *keyval)

{

	skb_flow_dissect_flow_keys(skb, keys,

				   FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);
@@ -1063,7 +1054,7 @@ u32 __skb_get_hash_symmetric(const struct sk_buff *skb) 
			   NULL, 0, 0, 0,

			   FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);



	return __flow_hash_from_keys(&keys, hashrnd);

	return __flow_hash_from_keys(&keys, &hashrnd);

}

EXPORT_SYMBOL_GPL(__skb_get_hash_symmetric);
@@ -1083,13 +1074,14 @@ void __skb_get_hash(struct sk_buff *skb) 


	__flow_hash_secret_init();



	hash = ___skb_get_hash(skb, &keys, hashrnd);

	hash = ___skb_get_hash(skb, &keys, &hashrnd);



	__skb_set_sw_hash(skb, hash, flow_keys_have_l4(&keys));

}

EXPORT_SYMBOL(__skb_get_hash);



__u32 skb_get_hash_perturb(const struct sk_buff *skb, u32 perturb)

__u32 skb_get_hash_perturb(const struct sk_buff *skb,

			   const siphash_key_t *perturb)

{

	struct flow_keys keys;