b01a8531d0
[ Upstream commit 355b98553789b646ed97ad801a619ff898471b92 ]

net_hash_mix() currently uses kernel address of a struct net,
and is used in many places that could be used to reveal this
address to a patient attacker, thus defeating KASLR, for
the typical case (initial net namespace, &init_net is
not dynamically allocated)

I believe the original implementation tried to avoid spending
too many cycles in this function, but security comes first.

Also provide entropy regardless of CONFIG_NET_NS.

Fixes:

| File |
|---|
| conntrack.h |
| core.h |
| dccp.h |
| generic.h |
| hash.h |
| ipv4.h |
| ipv6.h |
| mib.h |
| netfilter.h |
| packet.h |
| sctp.h |
| unix.h |
| x_tables.h |
| xfrm.h |