Re: [PATCH net] xfrm: Add SA to hardware at the end of xfrm_state_construct()

From: Steffen Klassert
Date: Fri Jan 19 2018 - 05:06:09 EST

Next message: Jan Kiszka: "[PATCH] x86/jailhouse: Set X86_FEATURE_TSC_KNOWN_FREQ"
Previous message: Kirill A. Shutemov: "Re: [mm 4.15-rc8] Random oopses under memory pressure."
In reply to: yossiku: "[PATCH net] xfrm: Add SA to hardware at the end of xfrm_state_construct()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jan 17, 2018 at 03:52:41PM +0200, yossiku@xxxxxxxxxxxx wrote:
> From: Yossi Kuperman <yossiku@xxxxxxxxxxxx>
>
> Current code configures the hardware with a new SA before the state has been
> fully initialized. During this time interval, an incoming ESP packet can cause
> a crash due to a NULL dereference. More specifically, xfrm_input() considers
> the packet as valid, and yet, anti-replay mechanism is not initialized.
>
> Move hardware configuration to the end of xfrm_state_construct(), and mark
> the state as valid once the SA is fully initialized.
>
> Fixes: d77e38e612a0 ("xfrm: Add an IPsec hardware offloading API")
> Signed-off-by: Aviad Yehezkel <aviadye@xxxxxxxxxxxx>
> Signed-off-by: Aviv Heller <avivh@xxxxxxxxxxxx>
> Signed-off-by: Yossi Kuperman <yossiku@xxxxxxxxxxxx>

Applied, thanks Yossi!

Next message: Jan Kiszka: "[PATCH] x86/jailhouse: Set X86_FEATURE_TSC_KNOWN_FREQ"
Previous message: Kirill A. Shutemov: "Re: [mm 4.15-rc8] Random oopses under memory pressure."
In reply to: yossiku: "[PATCH net] xfrm: Add SA to hardware at the end of xfrm_state_construct()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]