authorMichal Kubecek <mkubecek@suse.cz>2019-07-09 08:58:53 +0200
committerMichal Kubecek <mkubecek@suse.cz>2019-07-09 08:59:10 +0200
commit4a871877addd9fb2950dcd659f81d47a40f9f9f9 (patch)
treefabdd8ccd13d894c18ee2a396010ab30a7e69034
parent545b7bdc13948b37e21f6158508e40ba886745e9 (diff)
netns: provide pure entropy for net_hash_mix() (CVE-2019-10639
bsc#1140577). suse-commit: 2a4726af5c8eeba349fbf64518c9bc0d2ef6d73f
-rw-r--r--include/net/net_namespace.h1
-rw-r--r--include/net/netns/hash.h10
-rw-r--r--net/core/net_namespace.c1
3 files changed, 4 insertions, 8 deletions
diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
index 9aa2b8d38a8f..48b46d377fd7 100644
--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
@@ -54,6 +54,7 @@ struct net {
*/
spinlock_t rules_mod_lock;
+ u32 hash_mix;
atomic64_t cookie_gen;
struct list_head list; /* list of network namespaces */
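Review bot: The new `hash_mix` field in struct net carries no comment, and neither does the rewritten net_hash_mix() in include/net/netns/hash.h, so neither site records why the value has to be random. I would add `/* random per-namespace seed returned by net_hash_mix(); must never be derived from a kernel address */` above the field, plus a one-line comment on the accessor pointing at it. The removed implementation computed the value from the struct net pointer, which appears to be the exposure the CVE reference in the commit title is about, and a later cleanup could reintroduce it without such a note. struct net starts and ends outside this hunk.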
diff --git a/include/net/netns/hash.h b/include/net/netns/hash.h
index 2d87627aaf57..a347b2f9e748 100644
--- a/include/net/netns/hash.h
+++ b/include/net/netns/hash.h
@@ -1,16 +1,10 @@
#ifndef __NET_NS_HASH_H__
#define __NET_NS_HASH_H__
-#include <asm/cache.h>
-
-struct net;
+#include <net/net_namespace.h>
static inline u32 net_hash_mix(const struct net *net)
{
-#ifdef CONFIG_NET_NS
- return (u32)(((unsigned long)net) >> ilog2(sizeof(*net)));
-#else
- return 0;
-#endif
+ return net->hash_mix;
}
#endif
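Review bot: Replacing the `struct net;` forward declaration with `#include <net/net_namespace.h>` makes this small header depend on the full structure definition, because the inline body now dereferences `net`. If net_namespace.h, or anything it includes before defining struct net, ever pulls in netns/hash.h, the include guard would leave net_hash_mix() compiled against an incomplete type. That cannot be checked from this page, so it is worth building configurations that include the two headers in either order. With CONFIG_NET_NS disabled the function used to return a constant 0 and now loads a random value, so any caller that relied on the constant should be checked.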
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index f8d47030b74b..4ab81fc0603f 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -285,6 +285,7 @@ static __net_init int setup_net(struct net *net, struct user_namespace *user_ns)
atomic_set(&net->count, 1);
atomic_set(&net->passive, 1);
+ get_random_bytes(&net->hash_mix, sizeof(u32));
net->dev_base_seq = 1;
net->user_ns = user_ns;
idr_init(&net->netns_ids);
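Review bot: The length passed to get_random_bytes() is written as `sizeof(u32)` instead of being taken from the destination, so it would silently go stale if the field type changes; `get_random_bytes(&net->hash_mix, sizeof(net->hash_mix));` keeps the two tied. Separately, if setup_net() also runs for the initial namespace during early boot, which is not visible in this hunk, the call may happen before the random pool is fully seeded and that one value could be more predictable than intended. A short comment stating the expectation would help. setup_net() begins and ends outside the hunk.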