shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-11 13:27:06 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
0889f0a3bb2de535f48424491d8f9d5954a3cde8
linux/net/ipv4
History
Eric Dumazet 0889f0a3bb inet: use bigger hash table for IP ID generation 
commit aa6dd211e4 upstream.

In commit 73f156a6e8 ("inetpeer: get rid of ip_id_count")
I used a very small hash table that could be abused
by patient attackers to reveal sensitive information.

Switch to a dynamic sizing, depending on RAM size.

Typical big hosts will now use 128x more storage (2 MB)
to get a similar increase in security and reduction
of hash collisions.

As a bonus, use of alloc_large_system_hash() spreads
allocated memory among all NUMA nodes.

Fixes: 73f156a6e8 ("inetpeer: get rid of ip_id_count")
Reported-by: Amit Klein <aksecurity@gmail.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-06-30 08:49:18 -04:00
..
netfilter
netfilter: x_tables: fix compat match/target pad out-of-bound write
2021-04-16 11:59:12 +02:00
af_inet.c
gso_segment: Reset skb->mac_len after modifying network header
2018-09-29 03:07:32 -07:00
ah4.c
ipsec: check return value of skb_to_sgvec always
2018-04-13 19:48:31 +02:00
arp.c
arp: fix arp_filter on l3slave devices
2018-04-13 19:48:32 +02:00
cipso_ipv4.c
net: ipv4: fix memory leak in netlbl_cipsov4_add_std
2021-06-30 08:49:13 -04:00
datagram.c
inet: stop leaking jiffies on the wire
2019-11-10 11:23:29 +01:00
devinet.c
devinet: fix memleak in inetdev_init()
2020-06-11 09:22:21 +02:00
esp4.c
ipsec: check return value of skb_to_sgvec always
2018-04-13 19:48:31 +02:00
fib_frontend.c
ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst()
2021-01-12 19:49:02 +01:00
fib_lookup.h
fib_rules.c
switchdev: remove FIB offload infrastructure
2016-09-28 04:48:00 -04:00
fib_semantics.c
net: Fix the arp error in some cases
2020-06-30 15:38:39 -04:00
fib_trie.c
ipv4: Silence suspicious RCU usage warning
2020-08-21 11:01:55 +02:00
fou.c
net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
2019-04-27 09:34:40 +02:00
gre_demux.c
gre: fix uninit-value in __iptunnel_pull_header
2020-03-20 09:07:38 +01:00
gre_offload.c
gso: fix payload length when gso_size is zero
2017-11-18 11:22:20 +01:00
icmp.c
net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending
2021-03-03 17:44:46 +01:00
igmp.c
net: ipv4: fix memory leak in ip_mc_add1_src
2021-06-30 08:49:15 -04:00
inet_connection_sock.c
net: refactor bind_bucket fastreuse into helper
2020-09-12 11:47:38 +02:00
inet_diag.c
inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill()
2020-11-24 13:02:54 +01:00
inet_fragment.c
net: IP defrag: encapsulate rbtree defrag code into callable functions
2019-05-02 09:32:06 +02:00
inet_hashtables.c
net: initialize fastreuse on inet_inherit_port
2020-09-12 11:47:38 +02:00
inet_timewait_sock.c
soreuseport: initialise timewait reuseport field
2018-05-16 10:08:41 +02:00
inetpeer.c
net: ipv4: use a dedicated counter for icmp_v4 redirect packets
2019-02-23 09:05:59 +01:00
ip_forward.c
ipv4: allow local fragmentation in ip_finish_output_gso()
2016-11-03 16:10:26 -04:00
ip_fragment.c
net: IP defrag: encapsulate rbtree defrag code into callable functions
2019-05-02 09:32:06 +02:00
ip_gre.c
ip_gre: fix parsing gre header in ipgre_err
2019-11-25 09:52:23 +01:00
ip_input.c
vrf: check accept_source_route on the original netdevice
2019-04-17 08:36:45 +02:00
ip_options.c
vrf: check accept_source_route on the original netdevice
2019-04-17 08:36:45 +02:00
ip_output.c
net: ip: always refragment ip defragmented packets
2021-01-17 13:57:53 +01:00
ip_sockglue.c
ip: on queued skb use skb_header_pointer instead of pskb_may_pull
2019-01-23 08:10:54 +01:00
ip_tunnel_core.c
ip_tunnel: don't force DF when MTU is locked
2018-11-23 08:20:34 +01:00
ip_tunnel.c
net: fix pmtu check in nopmtudisc mode
2021-01-17 13:57:53 +01:00
ip_vti.c
ip_vti: receive ipip packet by calling ip_tunnel_rcv
2020-06-03 08:16:45 +02:00
ipcomp.c
ipconfig.c
net: ipconfig: Don't override command-line hostnames or domains
2021-06-30 08:49:11 -04:00
ipip.c
net: ipip: fix wrong address family in init error path
2020-06-03 08:16:23 +02:00
ipmr.c
ipv4: Fix potential Spectre v1 vulnerability
2019-01-09 16:16:39 +01:00
Kconfig
vti[6]: fix packet tx through bpf_redirect() in XinY cases
2020-04-02 17:20:34 +02:00
Makefile
tcp_bbr: add BBR congestion control
2016-09-21 00:23:01 -04:00
netfilter.c
netfilter: use skb_to_full_sk in ip_route_me_harder
2017-07-05 14:40:28 +02:00
ping.c
ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg
2020-07-22 09:10:47 +02:00
proc.c
tcp: tcp_fragment() should apply sane memory limits
2019-06-17 19:53:32 +02:00
protocol.c
raw.c
net: ipv4: emulate READ_ONCE() on ->hdrincl bit-field in raw_sendmsg()
2020-05-02 17:22:56 +02:00
route.c
inet: use bigger hash table for IP ID generation
2021-06-30 08:49:18 -04:00
syncookies.c
net: Update window_clamp if SOCK_RCVBUF is set
2020-11-18 18:26:29 +01:00
sysctl_net_ipv4.c
tcp: add tcp_min_snd_mss sysctl
2019-06-17 19:53:33 +02:00
tcp_bbr.c
tcp: only postpone PROBE_RTT if RTT is < current min_rtt estimate
2020-11-24 13:02:59 +01:00
tcp_bic.c
tcp: replace cnt & rtt with struct in pkts_acked()
2016-05-11 14:43:19 -04:00
tcp_cdg.c
tcp: cdg: rename struct minmax in tcp_cdg.c to avoid a naming conflict
2016-09-21 00:22:59 -04:00
tcp_cong.c
tcp: make sure listeners don't initialize congestion-control state
2020-07-22 09:10:48 +02:00
tcp_cubic.c
tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT
2020-06-30 15:38:39 -04:00
tcp_dctcp.c
tcp: Ensure DCTCP reacts to losses
2019-04-17 08:36:45 +02:00
tcp_diag.c
net: diag: Fix refcnt leak in error path destroying socket
2016-08-23 23:11:36 -07:00
tcp_fastopen.c
tcp: initialize max window for a new fastopen socket
2017-02-04 09:47:10 +01:00
tcp_highspeed.c
tcp_htcp.c
tcp: replace cnt & rtt with struct in pkts_acked()
2016-05-11 14:43:19 -04:00
tcp_hybla.c
tcp_illinois.c
net/tcp/illinois: replace broken algorithm reference link
2018-05-30 07:50:33 +02:00
tcp_input.c
tcp: fix to update snd_wl1 in bulk receiver fast path
2020-10-29 09:05:32 +01:00
tcp_ipv4.c
tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers
2020-07-22 09:10:48 +02:00
tcp_lp.c
tcp: fix wraparound issue in tcp_lp
2017-05-14 14:00:21 +02:00
tcp_metrics.c
tcp: make nla_policy const
2016-09-01 14:09:01 -07:00
tcp_minisocks.c
tcp: do not restart timewait timer on rst reception
2018-09-15 09:42:56 +02:00
tcp_nv.c
tcp_nv: fix potential integer overflow in tcpnv_acked
2018-05-30 07:50:22 +02:00
tcp_offload.c
gso: validate gso_type in GSO handlers
2018-01-31 12:55:55 +01:00
tcp_output.c
tcp: fix cwnd-limited bug for TSO deferral where we send nothing
2020-12-29 13:44:48 +01:00
tcp_probe.c
tcp: Revert "tcp: tcp_probe: use spin_lock_bh()"
2018-09-15 09:43:01 +02:00
tcp_rate.c
tcp: invalidate rate samples during SACK reneging
2018-01-02 20:35:13 +01:00
tcp_recovery.c
tcp: do not assume TCP code is non preemptible
2016-05-02 17:02:25 -04:00
tcp_scalable.c
tcp_timer.c
tcp: fix SNMP TCP timeout under-estimation
2019-12-21 10:41:17 +01:00
tcp_vegas.c
tcp: fix under-evaluated ssthresh in TCP Vegas
2017-12-25 14:23:45 +01:00
tcp_vegas.h
tcp: replace cnt & rtt with struct in pkts_acked()
2016-05-11 14:43:19 -04:00
tcp_veno.c
tcp: replace cnt & rtt with struct in pkts_acked()
2016-05-11 14:43:19 -04:00
tcp_westwood.c
tcp: replace cnt & rtt with struct in pkts_acked()
2016-05-11 14:43:19 -04:00
tcp_yeah.c
tcp: cwnd does not increase in TCP YeAH
2016-09-08 17:16:12 -07:00
tcp.c
tcp: md5: allow changing MD5 keys in all socket states
2020-07-22 09:10:48 +02:00
tunnel4.c
tunnels: correct conditional build of MPLS and IPv6
2016-07-11 13:27:06 -07:00
udp_diag.c
net: inet: diag: expose the socket mark to privileged processes.
2016-09-08 16:13:09 -07:00
udp_impl.h
udplite: call proper backlog handlers
2016-11-24 15:32:14 -05:00
udp_offload.c
net: Fix gro aggregation for udp encaps with zero csum
2021-03-17 16:10:13 +01:00
udp_tunnel.c
net: Remove deprecated tunnel specific UDP offload functions
2016-06-17 20:23:32 -07:00
udp.c
udp: fix race between close() and udp_abort()
2021-06-30 08:49:13 -04:00
udplite.c
udplite: call proper backlog handlers
2016-11-24 15:32:14 -05:00
xfrm4_input.c
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
xfrm4_output.c
xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish
2020-05-02 17:23:09 +02:00
xfrm4_policy.c
xfrm4: Fix uninitialized memory read in _decode_session4
2019-05-25 18:26:55 +02:00
xfrm4_protocol.c
xfrm4_state.c
xfrm4_tunnel.c