• Hannes Frederic Sowa's avatar
    ipv4: initialize ip4_frags hash secret as late as possible · e7b519ba
    Hannes Frederic Sowa authored
    Defer the generation of the first hash secret for the ipv4 fragmentation
    cache as late as possible.
    
    ip4_frags.rnd gets initial seeded by inet_frags_init and regulary
    reseeded by inet_frag_secret_rebuild. Either we call ipqhashfn directly
    from ip_fragment.c in which case we initialize the secret directly.
    
    If we first get called by inet_frag_secret_rebuild we install a new secret
    by a manual call to get_random_bytes. This secret will be overwritten
    as soon as the first call to ipqhashfn happens. This is safe because we
    won't race while publishing the new secrets with anyone else.
    
    Cc: Eric Dumazet <edumazet@google.com>
    Cc: "David S. Miller" <davem@davemloft.net>
    Signed-off-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    e7b519ba
ip_fragment.c 20.2 KB