Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next

Cross merge. Signed-off-by: Jakub Kicinski <kuba@kernel.org>
author: Jakub Kicinski <kuba@kernel.org> 2024-05-15 07:29:56 -0700
committer: Jakub Kicinski <kuba@kernel.org> 2024-05-15 07:30:49 -0700
commit: 621cde16e49b3ecf7d59a8106a20aaebfb4a59a9 (patch)
tree: bb4b8e255e276950c8d9502998f83a7f4f5bf5e9 /net/xfrm/xfrm_input.c
parent: 317a215d493230da361028ea8a4675de334bfa1a (diff)
parent: 1b294a1f35616977caddaddf3e9d28e576a1adbc (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index 3a2982a72a6b..d2ea18dcb0cb 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -474,6 +474,11 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
 	if (encap_type < 0 || (xo && xo->flags & XFRM_GRO)) {
 		x = xfrm_input_state(skb);
 
+		if (unlikely(x->dir && x->dir != XFRM_SA_DIR_IN)) {
+			XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEDIRERROR);
+			goto drop;
+		}
+
 		if (unlikely(x->km.state != XFRM_STATE_VALID)) {
 			if (x->km.state == XFRM_STATE_ACQ)
 				XFRM_INC_STATS(net, LINUX_MIB_XFRMACQUIREERROR);
@@ -579,6 +584,12 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
 			goto drop;
 		}
 
+		if (unlikely(x->dir && x->dir != XFRM_SA_DIR_IN)) {
+			XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEDIRERROR);
+			xfrm_state_put(x);
+			goto drop;
+		}
+
 		skb->mark = xfrm_smark_get(skb->mark, x);
 
 		sp->xvec[sp->len++] = x;
author	Jakub Kicinski <kuba@kernel.org>	2024-05-15 07:29:56 -0700
committer	Jakub Kicinski <kuba@kernel.org>	2024-05-15 07:30:49 -0700
commit	621cde16e49b3ecf7d59a8106a20aaebfb4a59a9 (patch)
tree	bb4b8e255e276950c8d9502998f83a7f4f5bf5e9 /net/xfrm/xfrm_input.c
parent	317a215d493230da361028ea8a4675de334bfa1a (diff)
parent	1b294a1f35616977caddaddf3e9d28e576a1adbc (diff)