| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250805103212.GX8494@horms.kernel.org>
Date: Tue, 5 Aug 2025 11:32:12 +0100
From: Simon Horman <horms@...nel.org>
To: Sabrina Dubroca <sd@...asysnail.net>
Cc: netdev@...r.kernel.org, Steffen Klassert <steffen.klassert@...unet.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
Cong Wang <xiyou.wangcong@...il.com>,
syzbot+6641a61fe0e2e89ae8c5@...kaller.appspotmail.com
Subject: Re: [PATCH ipsec] xfrm: flush all states in xfrm_state_fini
On Mon, Aug 04, 2025 at 11:05:43AM +0200, Sabrina Dubroca wrote:
> While reverting commit f75a2804da39 ("xfrm: destroy xfrm_state
> synchronously on net exit path"), I incorrectly changed
> xfrm_state_flush's "proto" argument back to IPSEC_PROTO_ANY. This
> reverts some of the changes in commit dbb2483b2a46 ("xfrm: clean up
> xfrm protocol checks"), and leads to some states not being removed
> when we exit the netns.
>
> Pass 0 instead of IPSEC_PROTO_ANY from both xfrm_state_fini
> xfrm6_tunnel_net_exit, so that xfrm_state_flush deletes all states.
>
> Fixes: 2a198bbec691 ("Revert "xfrm: destroy xfrm_state synchronously on net exit path"")
> Reported-by: syzbot+6641a61fe0e2e89ae8c5@...kaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=6641a61fe0e2e89ae8c5
> Tested-by: syzbot+6641a61fe0e2e89ae8c5@...kaller.appspotmail.com
> Signed-off-by: Sabrina Dubroca <sd@...asysnail.net>
Thanks Sabrina,
Looking over Git history my understanding matches
what you describe in the commit message.
Reviewed-by: Simon Horman <horms@...nel.org>
Powered by blists - more mailing lists