-
由 Eric Dumazet 提交于
stable inclusion from stable-v5.10.125 commit 743acb520799bd8987edb7d1282b7eeddeb8f986 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5L6EY Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=743acb520799bd8987edb7d1282b7eeddeb8f986 -------------------------------- commit c579bd1b upstream. Even when implementing RFC 6056 3.3.4 (Algorithm 4: Double-Hash Port Selection Algorithm), a patient attacker could still be able to collect enough state from an otherwise idle host. Idea of this patch is to inject some noise, in the cases __inet_hash_connect() found a candidate in the first attempt. This noise should not significantly reduce the collision avoidance, and should be zero if connection table is already well used. Note that this is not implementing RFC 6056 3.3.5 because we think Algorithm 5 could hurt typical workloads. Signed-off-by: NEric Dumazet <edumazet@google.com> Cc: David Dworken <ddworken@google.com> Cc: Willem de Bruijn <willemb@google.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net> Cc: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com> Reviewed-by: NWei Li <liwei391@huawei.com>
07505f0d