AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-03-10 10:03:26 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
79caa5fad4
linux_dsm_epyc7002/include/net/netns
History
Eric Dumazet 355b985537 netns: provide pure entropy for net_hash_mix() 
net_hash_mix() currently uses kernel address of a struct net,
and is used in many places that could be used to reveal this
address to a patient attacker, thus defeating KASLR, for
the typical case (initial net namespace, &init_net is
not dynamically allocated)

I believe the original implementation tried to avoid spending
too many cycles in this function, but security comes first.

Also provide entropy regardless of CONFIG_NET_NS.

Fixes: 0b4419162a ("netns: introduce the net_hash_mix "salt" for hashes")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Amit Klein <aksecurity@gmail.com>
Reported-by: Benny Pinkas <benny@pinkas.net>
Cc: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-03-28 17:00:45 -07:00
..
can.h
conntrack.h netfilter: conntrack: remove l4proto init and get_net callbacks 2019-01-18 15:02:34 +01:00
core.h
dccp.h
generic.h
hash.h netns: provide pure entropy for net_hash_mix() 2019-03-28 17:00:45 -07:00
ieee802154_6lowpan.h
ipv4.h
ipv6.h ipv6: icmp: use percpu allocation 2019-02-24 21:57:26 -08:00
mib.h
mpls.h
netfilter.h
nftables.h
packet.h
sctp.h
unix.h
x_tables.h
xdp.h net: xsk: track AF_XDP sockets on a per-netns list 2019-01-25 01:50:03 +01:00
xfrm.h xfrm: policy: store inexact policies in an rhashtable 2018-11-09 11:57:47 +01:00