iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Eric Dumazet aa6dd211e4 inet: use bigger hash table for IP ID generation 
In commit 73f156a6e8c1 ("inetpeer: get rid of ip_id_count")
I used a very small hash table that could be abused
by patient attackers to reveal sensitive information.

Switch to a dynamic sizing, depending on RAM size.

Typical big hosts will now use 128x more storage (2 MB)
to get a similar increase in security and reduction
of hash collisions.

As a bonus, use of alloc_large_system_hash() spreads
allocated memory among all NUMA nodes.

Fixes: 73f156a6e8c1 ("inetpeer: get rid of ip_id_count")
Reported-by: Amit Klein <aksecurity@gmail.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-03-24 16:45:11 -07:00
..
6lowpan
9p
net: 9p: advance iov on empty read
2021-03-03 16:57:59 -08:00
802
8021q
net: bridge: resolve forwarding path for VLAN tag actions in bridge devices
2021-03-24 12:48:38 -07:00
appletalk
appletalk: Fix skb allocation size in loopback case
2021-02-12 16:40:28 -08:00
atm
net: atm: pppoatm: use new API for wakeup tasklet
2021-01-29 18:24:05 -08:00
ax25
net: ax25: Fix fall-through warnings for Clang
2021-03-10 12:45:15 -08:00
batman-adv
There is only a single patch this time:
2021-03-13 14:27:56 -08:00
bluetooth
Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kern
2021-02-11 14:59:01 -08:00
bpf
bpf: Add PROG_TEST_RUN support for sk_lookup programs
2021-03-04 19:11:29 -08:00
bpfilter
net: remove redundant 'depends on NET'
2021-01-27 17:04:12 -08:00
bridge
netfilter: flowtable: bridge vlan hardware offload and switchdev
2021-03-24 12:48:39 -07:00
caif
net: caif: Use netif_rx_any_context().
2021-02-15 13:21:48 -08:00
can
net: introduce CAN specific pointer in the struct net_device
2021-02-24 14:32:15 -08:00
ceph
libceph: remove osdtimeout option entirely
2021-02-16 12:09:52 +01:00
core
net: resolve forwarding path from virtual netdevice and HW destination address
2021-03-24 12:48:38 -07:00
dcb
net: dcb: use obj-$(CONFIG_DCB) form in net/Makefile
2021-01-27 17:03:52 -08:00
dccp
dccp: Return the correct errno code
2021-02-06 11:15:28 -08:00
decnet
net: decnet: Fixed multiple Coding Style issues
2021-03-24 16:25:21 -07:00
dns_resolver
net: remove redundant 'depends on NET'
2021-01-27 17:04:12 -08:00
dsa
dsa: slave: add support for TC_SETUP_FT
2021-03-24 12:48:39 -07:00
ethernet
ethernet: avoid retpoline overhead on TEB (GENEVE, NvGRE, VxLAN) GRO
2021-03-18 19:51:12 -07:00
ethtool
ethtool: Add common function for filling out strings
2021-03-17 11:42:30 -07:00
hsr
/net/hsr: fix misspellings using codespell tool
2021-03-18 19:13:41 -07:00
ieee802154
treewide: rename nla_strlcpy to nla_strscpy.
2020-11-16 08:08:54 -08:00
ife
net: remove redundant 'depends on NET'
2021-01-27 17:04:12 -08:00
ipv4
inet: use bigger hash table for IP ID generation
2021-03-24 16:45:11 -07:00
ipv6
seg6: ignore routing header with segments left equal to 0
2021-03-11 16:09:21 -08:00
iucv
net/af_iucv: build SG skbs for TRANS_HIPER sockets
2021-01-28 20:36:22 -08:00
kcm
net: group skb_shinfo zerocopy related bits together.
2021-01-07 16:08:37 -08:00
key
af_key: relax availability checks for skb size calculation
2021-01-04 10:05:50 +01:00
l2tp
net: l2tp: Fix a typo
2021-03-22 13:17:49 -07:00
l3mdev
net: l3mdev: use obj-$(CONFIG_NET_L3_MASTER_DEV) form in net/Makefile
2021-01-27 17:03:52 -08:00
lapb
net: lapb: Make "lapb_t1timer_running" able to detect an already running timer
2021-03-23 14:14:50 -07:00
llc
net: remove redundant 'depends on NET'
2021-01-27 17:04:12 -08:00
mac80211
cfg80211/mac80211: Support disabling HE mode
2021-02-12 09:33:34 +01:00
mac802154
net: mac802154: convert tasklets to use new tasklet_setup() API
2020-11-07 10:40:56 -08:00
mpls
net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0
2021-03-09 16:12:20 -08:00
mptcp
mptcp: remove a list of addrs when flushing
2021-03-12 17:47:45 -08:00
ncsi
net/ncsi: Use real net-device for response handler
2020-12-23 12:22:23 -08:00
netfilter
netfilter: flowtable: support for FLOW_ACTION_PPPOE_PUSH
2021-03-24 12:48:39 -07:00
netlabel
cipso,calipso: resolve a number of problems with the DOI refcounts
2021-03-04 15:26:57 -08:00
netlink
mptcp: avoid lock_fast usage in accept path
2021-02-12 16:31:46 -08:00
netrom
nfc
TTY/Serial driver changes for 5.12-rc1
2021-02-20 21:28:04 -08:00
nsh
openvswitch
openvswitch: Fix a typo
2021-03-22 12:59:46 -07:00
packet
net/packet: Improve the comment about LL header visibility criteria
2021-02-06 14:59:28 -08:00
phonet
psample
psample: Add additional metadata attributes
2021-03-14 15:00:43 -07:00
qrtr
net: qrtr: fix error return code of qrtr_sendmsg()
2021-03-08 15:02:53 -08:00
rds
net/rds: Drop duplicate sin and sin6 assignments
2021-03-10 12:45:15 -08:00
rfkill
rfkill: add a reason to the HW rfkill state
2020-12-11 12:47:17 +01:00
rose
net: rose: Fix fall-through warnings for Clang
2021-03-10 12:45:15 -08:00
rxrpc
rxrpc: Fix dependency on IPv6 in udp tunnel config
2021-02-12 16:42:05 -08:00
sched
net: sched: Mundane typo fixes
2021-03-24 15:09:11 -07:00
sctp
net: sctp: trivial: fix typo in comment
2021-03-04 13:48:32 -08:00
smc
net/smc: use memcpy instead of snprintf to avoid out of bounds read
2021-01-12 20:22:01 -08:00
strparser
sunrpc
NFS Client Updates for Linux 5.12
2021-02-26 09:17:24 -08:00
switchdev
net: bridge: propagate extack through switchdev_port_attr_set
2021-02-14 17:38:11 -08:00
tipc
tipc: remove some unnecessary warnings
2021-03-17 11:51:05 -07:00
tls
net/tls: Select SOCK_RX_QUEUE_MAPPING from TLS_DEVICE
2021-02-11 19:08:06 -08:00
unix
af_unix: handle idmapped mounts
2021-01-24 14:27:18 +01:00
vmw_vsock
vsock: fix locking in vsock_shutdown()
2021-02-09 15:31:22 -08:00
wireless
cfg80211/mac80211: Support disabling HE mode
2021-02-12 09:33:34 +01:00
x25
net: x25: Remove unimplemented X.25-over-LLC code stubs
2020-12-12 17:15:33 -08:00
xdp
bpf, xdp: Restructure redirect actions
2021-03-10 01:06:34 +01:00
xfrm
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next
2021-02-09 11:23:41 -08:00
compat.c
iov_iter: transparently handle compat iovecs in import_iovec
2020-10-03 00:02:13 -04:00
devres.c
Kconfig
net: add CONFIG_PCPU_DEV_REFCNT
2021-03-19 13:38:46 -07:00
Makefile
net: l3mdev: use obj-$(CONFIG_NET_L3_MASTER_DEV) form in net/Makefile
2021-01-27 17:03:52 -08:00
socket.c
io_uring-worker.v3-2021-02-25
2021-02-27 08:29:02 -08:00
sysctl_net.c