From 95a59b0c5d0545107b56a340d3f148d8e2c9d3ad Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Thu, 8 Aug 2019 03:01:19 +0100 Subject: [PATCH] inet: Avoid ABI change for IP ID hash change --- debian/changelog | 1 + ...oid-abi-change-for-ip-id-hash-change.patch | 75 +++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 77 insertions(+) create mode 100644 debian/patches/debian/abi/inet-avoid-abi-change-for-ip-id-hash-change.patch diff --git a/debian/changelog b/debian/changelog index 7809e5081..67f992795 100644 --- a/debian/changelog +++ b/debian/changelog @@ -30,6 +30,7 @@ linux (4.19.37-5+deb10u2) UNRELEASED; urgency=medium - Move swapgs feature bits to existing scattered words - Revert "x86/cpufeatures: Combine word 11 and 12 into a new scattered features word" + * inet: Avoid ABI change for IP ID hash change -- Romain Perier Mon, 22 Jul 2019 14:00:00 +0200 diff --git a/debian/patches/debian/abi/inet-avoid-abi-change-for-ip-id-hash-change.patch b/debian/patches/debian/abi/inet-avoid-abi-change-for-ip-id-hash-change.patch new file mode 100644 index 000000000..6b872b9d6 --- /dev/null +++ b/debian/patches/debian/abi/inet-avoid-abi-change-for-ip-id-hash-change.patch @@ -0,0 +1,75 @@ +From: Ben Hutchings +Date: Thu, 08 Aug 2019 02:59:40 +0100 +Subject: inet: Avoid ABI change for IP ID hash change +Forwarded: not-needed + +"inet: switch IP ID generator to siphash" adds a new member to struct +netns_ipv4. Since this is embedded in struct net, it changes the +offsets of all the following members. However struct net itself is +not embedded in anything, and is always allocated by built-in code. +So move the new member to the end of struct net, and hide it from +genksyms. + +Also hide the added element and member from modules, as they won't be +able to rely on their being present until we bump ABI. + +--- +--- a/include/net/net_namespace.h ++++ b/include/net/net_namespace.h +@@ -163,6 +163,7 @@ struct net { + atomic_t fnhe_genid; + #if !defined(__GENKSYMS__) && !defined(MODULE) + int ipv4_sysctl_tcp_min_snd_mss; ++ siphash_key_t ipv4_ip_id_key; + #endif + } __randomize_layout; + +--- a/include/net/netns/ipv4.h ++++ b/include/net/netns/ipv4.h +@@ -216,6 +216,6 @@ struct netns_ipv4 { + unsigned int ipmr_seq; /* protected by rtnl_mutex */ + + atomic_t rt_genid; +- siphash_key_t ip_id_key; ++ /* siphash_key_t ip_id_key; - bwh: moved to end of struct net */ + }; + #endif +--- a/net/ipv4/route.c ++++ b/net/ipv4/route.c +@@ -503,14 +503,14 @@ void __ip_select_ident(struct net *net, + u32 hash, id; + + /* Note the following code is not safe, but this is okay. */ +- if (unlikely(siphash_key_is_zero(&net->ipv4.ip_id_key))) +- get_random_bytes(&net->ipv4.ip_id_key, +- sizeof(net->ipv4.ip_id_key)); ++ if (unlikely(siphash_key_is_zero(&net->ipv4_ip_id_key))) ++ get_random_bytes(&net->ipv4_ip_id_key, ++ sizeof(net->ipv4_ip_id_key)); + + hash = siphash_3u32((__force u32)iph->daddr, + (__force u32)iph->saddr, + iph->protocol, +- &net->ipv4.ip_id_key); ++ &net->ipv4_ip_id_key); + id = ip_idents_reserve(hash, segs); + iph->id = htons(id); + } +--- a/net/ipv6/output_core.c ++++ b/net/ipv6/output_core.c +@@ -24,11 +24,11 @@ static u32 __ipv6_select_ident(struct ne + u32 hash, id; + + /* Note the following code is not safe, but this is okay. */ +- if (unlikely(siphash_key_is_zero(&net->ipv4.ip_id_key))) +- get_random_bytes(&net->ipv4.ip_id_key, +- sizeof(net->ipv4.ip_id_key)); ++ if (unlikely(siphash_key_is_zero(&net->ipv4_ip_id_key))) ++ get_random_bytes(&net->ipv4_ip_id_key, ++ sizeof(net->ipv4_ip_id_key)); + +- hash = siphash(&combined, sizeof(combined), &net->ipv4.ip_id_key); ++ hash = siphash(&combined, sizeof(combined), &net->ipv4_ip_id_key); + + /* Treat id of 0 as unset and if we get 0 back from ip_idents_reserve, + * set the hight order instead thus minimizing possible future diff --git a/debian/patches/series b/debian/patches/series index d1c1e941a..f3c125d8f 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -304,3 +304,4 @@ features/all/ena/0018-net-ena-update-driver-version-from-2.0.1-to-2.0.2.patch debian/abi/tcp-avoid-abi-change-for-dos-fixes.patch debian/abi/x86-cpufeatures-move-swapgs-feature-bits-to-existing.patch debian/abi/revert-x86-cpufeatures-combine-word-11-and-12-into-a-new-sc.patch +debian/abi/inet-avoid-abi-change-for-ip-id-hash-change.patch