summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorArnd Bergmann <arnd@arndb.de>2017-06-08 09:54:24 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2017-06-24 07:11:12 +0200
commit47537bceb7b7de66a2cf8d0f3c1b15da7be7ef4d (patch)
tree29dfc956a7d707f42c8032a476b7b2b6436a7f60 /net
parent95f47cd7d7d8f40a1cc744a4a3116b44a43e6514 (diff)
ila_xlat: add missing hash secret initialization
commit 0db47e3d323411beeb6ea97f2c4d19395c91fd8b upstream. While discussing the possible merits of clang warning about unused initialized functions, I found one function that was clearly meant to be called but never actually is. __ila_hash_secret_init() initializes the hash value for the ila locator, apparently this is intended to prevent hash collision attacks, but this ends up being a read-only zero constant since there is no caller. I could find no indication of why it was never called, the earliest patch submission for the module already was like this. If my interpretation is right, we certainly want to backport the patch to stable kernels as well. I considered adding it to the ila_xlat_init callback, but for best effect the random data is read as late as possible, just before it is first used. The underlying net_get_random_once() is already highly optimized to avoid overhead when called frequently. Fixes: 7f00feaf1076 ("ila: Add generic ILA translation facility") Link: https://www.spinics.net/lists/kernel/msg2527243.html Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net')
-rw-r--r--net/ipv6/ila/ila_xlat.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv6/ila/ila_xlat.c b/net/ipv6/ila/ila_xlat.c
index e604013dd814..7a5b9812af10 100644
--- a/net/ipv6/ila/ila_xlat.c
+++ b/net/ipv6/ila/ila_xlat.c
@@ -68,6 +68,7 @@ static inline u32 ila_locator_hash(struct ila_locator loc)
{
u32 *v = (u32 *)loc.v32;
+ __ila_hash_secret_init();
return jhash_2words(v[0], v[1], hashrnd);
}