Re: [PATCH ipsec] esp: fix uninitialised req->src dereference in esp_ssg_unref

Next message: Nam Cao: "Re: [PATCH v3 06/13] rv: Do not rely on clean monitor when initialising HA"
Previous message: Mike Rapoport: "Re: [PATCH] riscv: mm: Call mark_new_valid_map() after hotplugging vmemmap"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Steffen Klassert

Date: Mon Jun 01 2026 - 03:24:36 EST

On Fri, May 29, 2026 at 09:18:46AM +0200, Alessandro Schino wrote:
> When esp_ssg_unref() is called with already_unref=true, req->src has
> not been initialised yet because aead_request_set_crypt() has not been
> called at that point. Use esp_req_sg() to obtain the source scatterlist
> directly from the tmp buffer layout instead.
>
> Fixes: 2982e599fff6 ("esp: fix page frag reference leak on skb_to_sgvec failure")
> Signed-off-by: Alessandro Schino <7991aleschino@xxxxxxxxx>

Please resend the full fixed patch on top of the ipsec tree.