diff options
| author | Yossi Kuperman <yossiku@mellanox.com> | 2018-01-17 14:52:41 +0100 |
|---|---|---|
| committer | Steffen Klassert <steffen.klassert@secunet.com> | 2018-01-18 11:09:29 +0100 |
| commit | cc01572e2fb080e279ca625f239aca61f435ebf3 (patch) | |
| tree | 93bd94fee95408caeab452c97c90a71b8f49f4d0 /net/xfrm/xfrm_state.c | |
| parent | bpf: fix cls_bpf on filter replace (diff) | |
| download | linux-cc01572e2fb080e279ca625f239aca61f435ebf3.tar.xz linux-cc01572e2fb080e279ca625f239aca61f435ebf3.zip | |
xfrm: Add SA to hardware at the end of xfrm_state_construct()
Current code configures the hardware with a new SA before the state has been
fully initialized. During this time interval, an incoming ESP packet can cause
a crash due to a NULL dereference. More specifically, xfrm_input() considers
the packet as valid, and yet, anti-replay mechanism is not initialized.
Move hardware configuration to the end of xfrm_state_construct(), and mark
the state as valid once the SA is fully initialized.
Fixes: d77e38e612a0 ("xfrm: Add an IPsec hardware offloading API")
Signed-off-by: Aviad Yehezkel <aviadye@mellnaox.com>
Signed-off-by: Aviv Heller <avivh@mellanox.com>
Signed-off-by: Yossi Kuperman <yossiku@mellanox.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/xfrm/xfrm_state.c')
| -rw-r--r-- | net/xfrm/xfrm_state.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 429957412633..2d486492acdb 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -2272,8 +2272,6 @@ int __xfrm_init_state(struct xfrm_state *x, bool init_replay, bool offload) goto error; } - x->km.state = XFRM_STATE_VALID; - error: return err; } @@ -2282,7 +2280,13 @@ EXPORT_SYMBOL(__xfrm_init_state); int xfrm_init_state(struct xfrm_state *x) { - return __xfrm_init_state(x, true, false); + int err; + + err = __xfrm_init_state(x, true, false); + if (!err) + x->km.state = XFRM_STATE_VALID; + + return err; } EXPORT_SYMBOL(xfrm_init_state); |