add boot partition size

hc

2023-12-11 d2ccde1c8e90d38cee87a1b0309ad2827f3fd30d

 kernel/net/core/secure_seq.c
..
..
@@ -1,10 +1,10 @@
1
+// SPDX-License-Identifier: GPL-2.0-only
1
2
 /*
2
3
  * Copyright (C) 2016 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
3
4
  */
4
5
 
5
6
 #include <linux/kernel.h>
6
7
 #include <linux/init.h>
7
-#include <linux/cryptohash.h>
8
8
 #include <linux/module.h>
9
9
 #include <linux/cache.h>
10
10
 #include <linux/random.h>
..
..
@@ -21,6 +21,8 @@
21
21
 
22
22
 static siphash_key_t net_secret __read_mostly;
23
23
 static siphash_key_t ts_secret __read_mostly;
24
+
25
+#define EPHEMERAL_PORT_SHUFFLE_PERIOD (10 * HZ)
24
26
 
25
27
 static __always_inline void net_secret_init(void)
26
28
 {
..
..
@@ -62,7 +64,7 @@
62
64
 		.daddr = *(struct in6_addr *)daddr,
63
65
 	};
64
66
 
65
-	if (net->ipv4.sysctl_tcp_timestamps != 1)
67
+	if (READ_ONCE(net->ipv4.sysctl_tcp_timestamps) != 1)
66
68
 		return 0;
67
69
 
68
70
 	ts_secret_init();
..
..
@@ -94,17 +96,19 @@
94
96
 }
95
97
 EXPORT_SYMBOL(secure_tcpv6_seq);
96
98
 
97
-u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr,
99
+u64 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr,
98
100
 			       __be16 dport)
99
101
 {
100
102
 	const struct {
101
103
 		struct in6_addr saddr;
102
104
 		struct in6_addr daddr;
105
+		unsigned int timeseed;
103
106
 		__be16 dport;
104
107
 	} __aligned(SIPHASH_ALIGNMENT) combined = {
105
108
 		.saddr = *(struct in6_addr *)saddr,
106
109
 		.daddr = *(struct in6_addr *)daddr,
107
-		.dport = dport
110
+		.timeseed = jiffies / EPHEMERAL_PORT_SHUFFLE_PERIOD,
111
+		.dport = dport,
108
112
 	};
109
113
 	net_secret_init();
110
114
 	return siphash(&combined, offsetofend(typeof(combined), dport),
..
..
@@ -116,7 +120,7 @@
116
120
 #ifdef CONFIG_INET
117
121
 u32 secure_tcp_ts_off(const struct net *net, __be32 saddr, __be32 daddr)
118
122
 {
119
-	if (net->ipv4.sysctl_tcp_timestamps != 1)
123
+	if (READ_ONCE(net->ipv4.sysctl_tcp_timestamps) != 1)
120
124
 		return 0;
121
125
 
122
126
 	ts_secret_init();
..
..
@@ -142,11 +146,13 @@
142
146
 }
143
147
 EXPORT_SYMBOL_GPL(secure_tcp_seq);
144
148
 
145
-u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport)
149
+u64 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport)
146
150
 {
147
151
 	net_secret_init();
148
-	return siphash_3u32((__force u32)saddr, (__force u32)daddr,
149
-			    (__force u16)dport, &net_secret);
152
+	return siphash_4u32((__force u32)saddr, (__force u32)daddr,
153
+			    (__force u16)dport,
154
+			    jiffies / EPHEMERAL_PORT_SHUFFLE_PERIOD,
155
+			    &net_secret);
150
156
 }
151
157
 EXPORT_SYMBOL_GPL(secure_ipv4_port_ephemeral);
152
158
 #endif