| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251118085344.2199815-1-steffen.klassert@secunet.com>
Date: Tue, 18 Nov 2025 09:52:33 +0100
From: Steffen Klassert <steffen.klassert@...unet.com>
To: David Miller <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>
CC: Herbert Xu <herbert@...dor.apana.org.au>, Steffen Klassert
<steffen.klassert@...unet.com>, <netdev@...r.kernel.org>
Subject: [PATCH 0/10] pull request (net): ipsec 2025-11-18
1) Misc fixes for xfrm_state creation/modification/deletion.
Patchset from Sabrina Dubroca.
2) Fix inner packet family determination for xfrm offloads.
From Jianbo Liu.
3) Don't push locally generated packets directly to L2 tunnel
mode offloading, they still need processing from the standard
xfrm path. From Jianbo Liu.
4) Fix memory leaks in xfrm_add_acquire for policy offloads and policy
security contexts. From Zilin Guan.
Please pull or let me know if there are problems.
Thanks!
The following changes since commit f584239a9ed25057496bf397c370cc5163dde419:
net/smc: fix general protection fault in __smc_diag_dump (2025-10-20 17:46:06 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git tags/ipsec-2025-11-18
for you to fetch changes up to a55ef3bff84f11ee8c84a1ae29b071ffd4ccbbd9:
xfrm: fix memory leak in xfrm_add_acquire() (2025-11-14 10:12:36 +0100)
----------------------------------------------------------------
ipsec-2025-11-18
----------------------------------------------------------------
Jianbo Liu (3):
xfrm: Check inner packet family directly from skb_dst
xfrm: Determine inner GSO type from packet inner protocol
xfrm: Prevent locally generated packets from direct output in tunnel mode
Sabrina Dubroca (6):
xfrm: drop SA reference in xfrm_state_update if dir doesn't match
xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added
xfrm: make state as DEAD before final put when migrate fails
xfrm: call xfrm_dev_state_delete when xfrm_state_migrate fails to add the state
xfrm: set err and extack on failure to create pcpu SA
xfrm: check all hash buckets for leftover states during netns deletion
Zilin Guan (1):
xfrm: fix memory leak in xfrm_add_acquire()
include/net/xfrm.h | 3 ++-
net/ipv4/esp4_offload.c | 6 ++++--
net/ipv6/esp6_offload.c | 6 ++++--
net/xfrm/xfrm_device.c | 2 +-
net/xfrm/xfrm_output.c | 8 ++++++--
net/xfrm/xfrm_state.c | 30 ++++++++++++++++++++++--------
net/xfrm/xfrm_user.c | 8 +++++++-
7 files changed, 46 insertions(+), 17 deletions(-)
Powered by blists - more mailing lists