From: Steffen Klassert <steffen.klassert@xxxxxxxxxxx>
commit a35672819f8d85e2ae38b80d40b923e3ef81e4ea upstream.
A recent commit jumped over the dst hash computation and
left the symbol uninitialized. Fix this by explicitly
computing the dst hash before it is used.
Fixes: 0045e3d80613 ("xfrm: Cache used outbound xfrm states at the policy.")
Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Reviewed-by: Simon Horman <horms@xxxxxxxxxx>
Signed-off-by: Steffen Klassert <steffen.klassert@xxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/xfrm/xfrm_state.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1512,6 +1512,7 @@ found:
x->km.state = XFRM_STATE_ACQ;
x->dir = XFRM_SA_DIR_OUT;
list_add(&x->km.all, &net->xfrm.state_all);
+ h = xfrm_dst_hash(net, daddr, saddr, tmpl->reqid, encap_family);
XFRM_STATE_INSERT(bydst, &x->bydst,
net->xfrm.state_bydst + h,
x->xso.type);
Patches currently in stable-queue which might be from steffen.klassert@xxxxxxxxxxx are
queue-6.12/xfrm-add-error-handling-when-nla_put_u32-returns-an-error.patch
queue-6.12/xfrm-add-an-inbound-percpu-state-cache.patch
queue-6.12/xfrm-replay-fix-the-update-of-replay_esn-oseq_hi-for.patch
queue-6.12/xfrm-state-fix-out-of-bounds-read-during-lookup.patch
queue-6.12/xfrm-delete-intermediate-secpath-entry-in-packet-off.patch
queue-6.12/xfrm-cache-used-outbound-xfrm-states-at-the-policy.patch
queue-6.12/xfrm-don-t-disable-preemption-while-looking-up-cache.patch
queue-6.12/xfrm-fix-acquire-state-insertion.patch
queue-6.12/xfrm-add-support-for-per-cpu-xfrm-state-handling.patch
