From: Florian Westphal <fw@xxxxxxxxx>
Date: Fri, 24 Nov 2017 20:32:12 +0100

> Tomas Charvat <tc@xxxxxxxxxx> wrote:
>
> [ CC stable, Steffen ]
>
>> Hi Florian and David, I'm running several servers that use XFRM ipsec.
>> It does work well on all kernels below 4.14.0.
>>
>> It doesn't work on 4.14.0-2. There isn't any error in dmesg or in
>> userspace when I do configure policies.
>>
>> Since there is not much info about XFRM in dmesg I have no clue where
>> to start when I want to debug this issue.
>
> David, please consider picking up
> 94802151894d482e82c324edf2c658f8e6b96508
> ("Revert "xfrm: Fix stack-out-of-bounds read in xfrm_state_find.")
>
> for the 4.14.y stable queue.
>
> I think it's a pretty safe bet that this fixes the problem, it broke
> transport mode wildcard policy lookup.

Ok, once we have confirmation that this fixes it I also need to pair it
up with Steffen's alternative fix for the bug that commit was trying to fix.