Date: Fri, 19 Jan 2018 11:05:54 +0100
From: Steffen Klassert
CC: Herbert Xu, "David S. Miller", Aviad Yehezkel, "Aviv Heller"
Subject: Re: [PATCH net] xfrm: Add SA to hardware at the end of xfrm_state_construct()
Message-ID: <20180119100554.pezcpqj7g6gzsckl@gauss3.secunet.de>
In-Reply-To: <1516197161-28186-1-git-send-email-yossiku@mellanox.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Jan 17, 2018 at 03:52:41PM +0200, yossiku@mellanox.com wrote:
> From: Yossi Kuperman
>
> Current code configures the hardware with a new SA before the state has been
> fully initialized. During this time interval, an incoming ESP packet can cause
> a crash due to a NULL dereference. More specifically, xfrm_input() considers
> the packet as valid, and yet, anti-replay mechanism is not initialized.
>
> Move hardware configuration to the end of xfrm_state_construct(), and mark
> the state as valid once the SA is fully initialized.
>
> Fixes: d77e38e612a0 ("xfrm: Add an IPsec hardware offloading API")
> Signed-off-by: Aviad Yehezkel
> Signed-off-by: Aviv Heller
> Signed-off-by: Yossi Kuperman

Applied, thanks Yossi!
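
An added illustration, not part of the original thread or the kernel source: a user-space C model of the ordering problem the quoted commit message describes. All names (toy_sa, toy_input, hw_add and so on) and the pre-fix step order are assumptions made for the model; a packet is injected after every construction step to see whether the receive path can reach an SA whose anti-replay state is still NULL.

```c
#include <stddef.h>
#include <stdio.h>
/* Toy user-space model; every name is hypothetical, not kernel code. */
struct toy_replay { unsigned int last_seq; };
struct toy_sa {
    int valid;                 /* receive path accepts packets for this SA */
    int hw_installed;          /* hardware delivers packets for this SA */
    struct toy_replay *replay; /* anti-replay state, NULL until set up */
};
enum rx_result { RX_NO_SA, RX_OK, RX_NULL_DEREF };

/* Receive path: once the SA is reachable and valid it uses replay state. */
static enum rx_result toy_input(const struct toy_sa *sa)
{
    if (!sa->hw_installed || !sa->valid)
        return RX_NO_SA;       /* packet dropped, nothing touched */
    if (sa->replay == NULL)
        return RX_NULL_DEREF;  /* point where real code would crash */
    return RX_OK;
}

typedef void (*step_fn)(struct toy_sa *);
static struct toy_replay replay_storage;
static void init_replay(struct toy_sa *sa) { sa->replay = &replay_storage; }
static void hw_add(struct toy_sa *sa)      { sa->hw_installed = 1; }
static void mark_valid(struct toy_sa *sa)  { sa->valid = 1; }

/* Run steps in order, injecting a packet after each; 1 = NULL was reachable. */
static int races(const step_fn *steps, size_t n)
{
    struct toy_sa sa = {0};
    int hit = 0;
    for (size_t i = 0; i < n; i++) {
        steps[i](&sa);
        if (toy_input(&sa) == RX_NULL_DEREF)
            hit = 1;
    }
    return hit;
}

/* Assumed pre-fix ordering: valid and in hardware before replay exists. */
static const step_fn old_order[] = { mark_valid, hw_add, init_replay };
/* Ordering the commit message asks for: hardware last, then mark valid. */
static const step_fn new_order[] = { init_replay, hw_add, mark_valid };

int main(void)
{
    printf("old order races: %d\nnew order races: %d\n",
           races(old_order, 3), races(new_order, 3));
    return 0;
}
```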