[PATCH ipsec-next v6 07/14] xfrm: check family before comparing addresses in migrate

Next message: Antony Antony: "[PATCH ipsec-next v6 02/14] xfrm: add extack to xfrm_init_state"
Previous message: Frank Li: "Re: (subset) [PATCH V2 0/2] arm64: dts: Add NXP i.MX8MP audio board support"
In reply to: Antony Antony: "[PATCH ipsec-next v6 05/14] xfrm: rename reqid in xfrm_migrate"
Next in thread: Antony Antony: "[PATCH ipsec-next v6 02/14] xfrm: add extack to xfrm_init_state"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Antony Antony

Date: Mon Mar 09 2026 - 14:46:49 EST

When migrating between different address families, xfrm_addr_equal()
cannot meaningfully compare addresses, different lengths.
Only call xfrm_addr_equal() when families match, and take
the xfrm_state_insert() path when addresses are equal.

Fixes: 80c9abaabf42 ("[XFRM]: Extension for dynamic update of endpoint address(es)")

Signed-off-by: Antony Antony <antony.antony@xxxxxxxxxxx>
---
v5->v6 added this patch
---
net/xfrm/xfrm_state.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 9060a6c399fd2befc09751f106e0f138990c9a2a..f7bcf14223584bd7d779a2521a9d5b0bf7946640 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2159,10 +2159,11 @@ int xfrm_state_migrate_install(const struct xfrm_state *x,
struct xfrm_user_offload *xuo,
struct netlink_ext_ack *extack)
{
- if (xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) {
+ if (m->new_family == m->old_family &&
+ xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) {
/*
- * Care is needed when the destination address
- * of the state is to be updated as it is a part of triplet.
+ * Care is needed when the destination address of the state is
+ * to be updated as it is a part of triplet.
*/
xfrm_state_insert(xc);
} else {

--
2.47.3