• Manfred Spraul's avatar
    [NET]: Fix secure tcp sequence number generation · 34b0db5b
    Manfred Spraul authored
    Ted's recent random.c update broke the periodic rekeying:
    schedule_work() doesn't provide synchronization. Additionally the first
    syn values after boot are generated with secret 0 - not good.
    
    Attached is a big cleanup. Linus asked me to send to to you for merging:
    
    The tcp sequence number generator needs a random seed that is reset every
    few minutes. Since the sequence numbers should be constantly increasing,
    for each rekey 2^24 is added to the sequence number.
    The actual use of the sequence number generator is lockless,
    synchronization is achieved by having two copies of the control structure.
    
    The attached patch:
    - fixes a race in rekey_seq_generator(): schedule_work doesn't
       provide synchronization.
    - Uses schedule_delayed_work() for the rekey: simplifies synchronization
       and speeds up the hot path.
    - Adds a late_initcall for the first initialization after boot.
       init_call would be too early, I've checked that the late_initcall runs
       before net/ipv4/ipconfig.c, i.e. the BOOTP/DHCP autoconfiguration.
    Signed-Off-By: default avatarManfred Spraul <manfred@colorfullife.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    34b0db5b
random.c 73.8 KB