On Fri, Jul 17, 2020 at 10:34:27AM +0200, Steffen Klassert wrote:
> The commits "xfrm: Move dst->path into struct xfrm_dst"
> and "net: Create and use new helper xfrm_dst_child()."
> changed xfrm bundle handling under the assumption
> that xdst->path and dst->child are not a NULL pointer
> only if dst->xfrm is not a NULL pointer. That is true
> with one exception. If the xfrm hold queue is used
> to wait until a SA is installed by the key manager,
> we create a dummy bundle without a valid dst->xfrm
> pointer. The current xfrm bundle handling crashes
> in that case. Fix this by extending the NULL check
> of dst->xfrm with a test of the DST_XFRM_QUEUE flag.
>
> Fixes: 0f6c480f23f4 ("xfrm: Move dst->path into struct xfrm_dst")
> Fixes: b92cf4aab8e6 ("net: Create and use new helper xfrm_dst_child().")
> Signed-off-by: Steffen Klassert <steffen.klass...@secunet.com>
Now applied to the ipsec tree.
