From: Jakub Kicinski <kuba@kernel.org>
Date: Wed, 18 Oct 2023 01:21:12 +0000 (-0700)
Subject: Merge tag 'ipsec-2023-10-17' of git://git.kernel.org/pub/scm/linux/kernel/git/klasser... 
X-Git-Tag: v6.6.7~1708^2~17
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=f6c7b42243565a4ed8bc9d6f681b6d0cae026abc;hp=-c;p=platform%2Fkernel%2Flinux-starfive.git

Merge tag 'ipsec-2023-10-17' of git://git./linux/kernel/git/klassert/ipsec

Steffen Klassert says:

====================
pull request (net): ipsec 2023-10-17

1) Fix a slab-use-after-free in xfrm_policy_inexact_list_reinsert.
   From Dong Chenchen.

2) Fix data-races in the xfrm interfaces dev->stats fields.
   From Eric Dumazet.

3) Fix a data-race in xfrm_gen_index.
   From Eric Dumazet.

4) Fix an inet6_dev refcount underflow.
   From Zhang Changzhong.

5) Check the return value of pskb_trim in esp_remove_trailer
   for esp4 and esp6. From Ma Ke.

6) Fix a data-race in xfrm_lookup_with_ifid.
   From Eric Dumazet.

* tag 'ipsec-2023-10-17' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec:
  xfrm: fix a data-race in xfrm_lookup_with_ifid()
  net: ipv4: fix return value check in esp_remove_trailer
  net: ipv6: fix return value check in esp_remove_trailer
  xfrm6: fix inet6_dev refcount underflow problem
  xfrm: fix a data-race in xfrm_gen_index()
  xfrm: interface: use DEV_STATS_INC()
  net: xfrm: skip policies marked as dead while reinserting policies
====================

Link: https://lore.kernel.org/r/20231017083723.1364940-1-steffen.klassert@secunet.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
---

f6c7b42243565a4ed8bc9d6f681b6d0cae026abc
diff --combined net/ipv6/xfrm6_policy.c
index 41a680c,45d0f9a..42fb6996
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@@ -117,10 -117,10 +117,10 @@@ static void xfrm6_dst_destroy(struct ds
  {
  	struct xfrm_dst *xdst = (struct xfrm_dst *)dst;
  
- 	if (likely(xdst->u.rt6.rt6i_idev))
- 		in6_dev_put(xdst->u.rt6.rt6i_idev);
  	dst_destroy_metrics_generic(dst);
  	rt6_uncached_list_del(&xdst->u.rt6);
+ 	if (likely(xdst->u.rt6.rt6i_idev))
+ 		in6_dev_put(xdst->u.rt6.rt6i_idev);
  	xfrm_dst_destroy(xdst);
  }
  
@@@ -201,8 -201,7 +201,8 @@@ static int __net_init xfrm6_net_sysctl_
  		table[0].data = &net->xfrm.xfrm6_dst_ops.gc_thresh;
  	}
  
 -	hdr = register_net_sysctl(net, "net/ipv6", table);
 +	hdr = register_net_sysctl_sz(net, "net/ipv6", table,
 +				     ARRAY_SIZE(xfrm6_policy_table));
  	if (!hdr)
  		goto err_reg;