On Wed, Jan 17, 2018 at 03:52:41PM +0200, yoss...@mellanox.com wrote:
> From: Yossi Kuperman <yoss...@mellanox.com>
> 
> Current code configures the hardware with a new SA before the state has been
> fully initialized. During this time interval, an incoming ESP packet can cause
> a crash due to a NULL dereference. More specifically, xfrm_input() considers
> the packet as valid, and yet the anti-replay mechanism is not initialized.
> 
> Move hardware configuration to the end of xfrm_state_construct(), and mark
> the state as valid once the SA is fully initialized.
> 
> Fixes: d77e38e612a0 ("xfrm: Add an IPsec hardware offloading API")
> Signed-off-by: Aviad Yehezkel <avia...@mellnaox.com>
> Signed-off-by: Aviv Heller <av...@mellanox.com>
> Signed-off-by: Yossi Kuperman <yoss...@mellanox.com>

Applied, thanks Yossi!
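
The ordering problem described in the quoted commit message, as an added userspace model that is not part of this thread or the kernel patch. All type and function names are hypothetical, and the model assumes the SA already counts as valid when it is handed to hardware in the broken ordering, since the message says xfrm_input() accepted the packet.

```c
#include <stdio.h>

/* Userspace model; all names are hypothetical, none is kernel code. */
enum sa_status { SA_VOID, SA_VALID };
enum verdict { PKT_DROPPED, PKT_CHECKED, PKT_NULL_DEREF };
struct replay { unsigned int last_seq; };
struct sa { enum sa_status status; struct replay *replay; };

static enum verdict seen_at_publish;

/* What a packet matching this SA would hit on the receive path right now. */
static enum verdict input_path(const struct sa *x)
{
    if (x->status != SA_VALID)
        return PKT_DROPPED;       /* unfinished SA is ignored */
    if (x->replay == NULL)
        return PKT_NULL_DEREF;    /* the crash window from the commit message */
    return PKT_CHECKED;
}

/* Stand-in for configuring offload hardware: from here on packets can match
 * the SA, so record what the first such packet would run into. */
static void hw_publish(const struct sa *x) { seen_at_publish = input_path(x); }

static void init_replay(struct sa *x, struct replay *r) { r->last_seq = 0; x->replay = r; }

/* Broken ordering (assumed): hardware learns the SA before anti-replay exists. */
enum verdict construct_early_publish(struct sa *x, struct replay *r)
{
    x->status = SA_VALID; x->replay = NULL;
    hw_publish(x);
    init_replay(x, r);
    return seen_at_publish;
}

/* Ordering the message asks for: initialize, publish last, then mark valid. */
enum verdict construct_late_publish(struct sa *x, struct replay *r)
{
    x->status = SA_VOID; x->replay = NULL;
    init_replay(x, r);
    hw_publish(x);
    x->status = SA_VALID;
    return seen_at_publish;
}

int main(void)
{
    struct sa a, b; struct replay ra, rb;
    printf("early publish: %d, late publish: %d\n",
           construct_early_publish(&a, &ra), construct_late_publish(&b, &rb));
    return 0;
}
```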
