-
由 Leon Romanovsky 提交于
stable inclusion from stable-v5.10.104 commit b53d4bfd1a6894e00dc8d654af61a22bb914dde4 bugzilla: https://gitee.com/openeuler/kernel/issues/I56XAC Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b53d4bfd1a6894e00dc8d654af61a22bb914dde4 -------------------------------- commit 7c76ecd9 upstream. struct xfrm_user_offload has flags variable that received user input, but kernel didn't check if valid bits were provided. It caused a situation where not sanitized input was forwarded directly to the drivers. For example, XFRM_OFFLOAD_IPV6 define that was exposed, was used by strongswan, but not implemented in the kernel at all. As a solution, check and sanitize input flags to forward XFRM_OFFLOAD_INBOUND to the drivers. Fixes: d77e38e6 ("xfrm: Add an IPsec hardware offloading API") Signed-off-by: NLeon Romanovsky <leonro@nvidia.com> Signed-off-by: NSteffen Klassert <steffen.klassert@secunet.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NYu Liao <liaoyu15@huawei.com> Reviewed-by: NWei Li <liwei391@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
2898124e