Thanks I will give it a try. Any change that patch will make it into
4.14.3?
br
Tomas
On Fri, 2017-11-24 at 20:32 +0100, Florian Westphal wrote:
> Tomas Charvat <tc@xxxxxxxxxx> wrote:
>
> [ CC stable, Steffen ]
>
> > Hi Florian and David, I'm running several servers that use XFRM
> > ipsec.
> > It do work well on all kernels bellow 4.14.0.
> >
> > It doesnt work on 4.14.0-2. There is no any error in dmesg or in
> > userspace when I do configure policies.
> >
> > Since there is not much info about XFRM in dmesg I have no clue,
> > where
> > to start when I want to debug this issue.
>
> David, please consider picking up
> 94802151894d482e82c324edf2c658f8e6b96508
> ("Revert "xfrm: Fix stack-out-of-bounds read in xfrm_state_find.")
>
> for the 4.14.y stable queue.
>
> I think its a pretty safe bet that this fixes the problem, it broke
> transport mode wildcard policy lookup.
>
> > I have seen that you have removed flow-cache that we have fixed 2
> > time.
> > Do you have clue where to start with debug of this issue ?
>
> If the revert doesn't help, please do a bug report to
> netdev@xxxxxxxxxxxxxxx and provide /proc/net/xfrm_stat content
> and the list of policies/SAs.Attachment:
smime.p7s
Description: S/MIME cryptographic signature