lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20141209.143829.477482216978677919.davem@davemloft.net>
Date:	Tue, 09 Dec 2014 14:38:29 -0500 (EST)
From:	David Miller <davem@...emloft.net>
To:	dborkman@...hat.com
Cc:	netdev@...r.kernel.org, herbert@...dor.apana.org.au, tgraf@...g.ch,
	hannes@...essinduktion.org
Subject: Re: [PATCH net] netlink: use jhash as hashfn for rhashtable

From: Daniel Borkmann <dborkman@...hat.com>
Date: Mon,  8 Dec 2014 17:30:30 +0100

> For netlink, we shouldn't be using arch_fast_hash() as a hashing
> discipline, but rather jhash() instead.
> 
> Since netlink sockets can be opened by any user, a local attacker
> would be able to easily create collisions with the DPDK-derived
> arch_fast_hash(), which trades off performance for security by
> using crc32 CPU instructions on x86_64.
> 
> While it might have a legimite use case in other places, it should
> be avoided in netlink context, though. As rhashtable's API is very
> flexible, we could later on still decide on other hashing disciplines,
> if legitimate.
> 
> Reference: http://thread.gmane.org/gmane.linux.kernel/1844123
> Fixes: e341694e3eb5 ("netlink: Convert netlink_lookup() to use RCU protected hash table")
> Cc: Herbert Xu <herbert@...dor.apana.org.au>
> Cc: Thomas Graf <tgraf@...g.ch>
> Cc: Hannes Frederic Sowa <hannes@...essinduktion.org>
> Signed-off-by: Daniel Borkmann <dborkman@...hat.com>

I think I've seen enough of this.

First of all, you've left all of the example initializers in the
rhashtable implementation recommending to use arch_fast_hash.

Secondly, after this, openvswitch (and nfsd, ugh) are the only users
remaining.   Even though there have been claims that using this
doesn't expose to openvswitch to being hash attackable, I'm still
not entirely convinced that an attacker cannot hurt performance
of an OVS node as a result of this.

I think this whole scheme should be reverted, whatever cycles
openvswitch gains by using crc32c instructions is far outweighed
by the confusion this has caused and all of this infrastructure
created for just one or two users.

Someone send me a patch to revert all of the arch_fast_hash
stuff, and every reference thereof, or else I'll do it myself.

Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ