ipv4: Switch inet_addr_hash() to less predictable hash.

q2ven · Paolo Abeni · commit c972c1c41d9b · 2024-10-23T13:17:35.000+02:00
Recently, commit 4a0ec2a ("ipv6: switch inet6_addr_hash() to less predictable hash") and commit 4daf4dc ("ipv6: switch inet6_acaddr_hash() to less predictable hash") hardened IPv6 address hash functions. inet_addr_hash() is also highly predictable, and a malicious use could abuse a specific bucket. Let's follow the change on IPv4 by using jhash_1word(). Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://patch.msgid.link/20241018014100.93776-1-kuniyu@amazon.com Signed-off-by: Paolo Abeni <pabeni@redhat.com>
diff --git a/include/net/ip.h b/include/net/ip.h
@@ -690,6 +690,11 @@ static inline unsigned int ipv4_addr_hash(__be32 ip)
 	return (__force unsigned int) ip;
 }
 
+static inline u32 __ipv4_addr_hash(const __be32 ip, const u32 initval)
+{
+	return jhash_1word((__force u32)ip, initval);
+}
+
 static inline u32 ipv4_portaddr_hash(const struct net *net,
 				     __be32 saddr,
 				     unsigned int port)
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
@@ -121,7 +121,7 @@ struct inet_fill_args {
 
 static u32 inet_addr_hash(const struct net *net, __be32 addr)
 {
-	u32 val = (__force u32) addr ^ net_hash_mix(net);
+	u32 val = __ipv4_addr_hash(addr, net_hash_mix(net));
 
 	return hash_32(val, IN4_ADDR_HSIZE_SHIFT);
 }

Original file line number	Diff line number	Diff line change
`@@ -121,7 +121,7 @@ struct inet_fill_args {`
`121`	`121`
`122`	`122`	`static u32 inet_addr_hash(const struct net *net, __be32 addr)`
`123`	`123`	`{`
`124`		`- u32 val = (__force u32) addr ^ net_hash_mix(net);`
	`124`	`+ u32 val = __ipv4_addr_hash(addr, net_hash_mix(net));`
`125`	`125`
`126`	`126`	`return hash_32(val, IN4_ADDR_HSIZE_SHIFT);`
`127`	`127`	`}`