[PATCH ipsec-next v8 07/14] xfrm: check family before comparing addresses in migrate

[PATCH ipsec-next v8 00/14] xfrm: XFRM_MSG_MIGRATE_STATE new netlink message · Antony Antony <hidden> · 2026-05-05
[PATCH ipsec-next v8 01/14] xfrm: remove redundant assignments · Antony Antony <hidden> · 2026-05-05
Re: [PATCH ipsec-next v8 01/14] xfrm: remove redundant assignments · Sabrina Dubroca <sd@queasysnail.net> · 2026-05-07
[PATCH ipsec-next v8 02/14] xfrm: add extack to xfrm_init_state · Antony Antony <hidden> · 2026-05-05
Re: [PATCH ipsec-next v8 02/14] xfrm: add extack to xfrm_init_state · Sabrina Dubroca <sd@queasysnail.net> · 2026-05-07
[PATCH ipsec-next v8 03/14] xfrm: allow migration from UDP encapsulated to non-encapsulated ESP · Antony Antony <hidden> · 2026-05-05
Re: [PATCH ipsec-next v8 03/14] xfrm: allow migration from UDP encapsulated to non-encapsulated ESP · Sabrina Dubroca <sd@queasysnail.net> · 2026-05-07
[PATCH ipsec-next v8 04/14] xfrm: fix NAT-related field inheritance in SA migration · Antony Antony <hidden> · 2026-05-05
Re: [PATCH ipsec-next v8 04/14] xfrm: fix NAT-related field inheritance in SA migration · Sabrina Dubroca <sd@queasysnail.net> · 2026-05-07
Re: [PATCH ipsec-next v8 04/14] xfrm: fix NAT-related field inheritance in SA migration · Steffen Klassert <steffen.klassert@secunet.com> · 2026-05-07
Re: [PATCH ipsec-next v8 04/14] xfrm: fix NAT-related field inheritance in SA migration · Sabrina Dubroca <sd@queasysnail.net> · 2026-05-07
[PATCH ipsec-next v8 05/14] xfrm: rename reqid in xfrm_migrate · Antony Antony <hidden> · 2026-05-05
[PATCH ipsec-next v8 06/14] xfrm: split xfrm_state_migrate into create and install functions · Antony Antony <hidden> · 2026-05-05
Re: [PATCH ipsec-next v8 06/14] xfrm: split xfrm_state_migrate into create and install functions · Sabrina Dubroca <sd@queasysnail.net> · 2026-05-07
[PATCH ipsec-next v8 07/14] xfrm: check family before comparing addresses in migrate · Antony Antony <hidden> · 2026-05-05
Re: [PATCH ipsec-next v8 07/14] xfrm: check family before comparing addresses in migrate · Sabrina Dubroca <sd@queasysnail.net> · 2026-05-07
[PATCH ipsec-next v8 08/14] xfrm: add state synchronization after migration · Antony Antony <hidden> · 2026-05-05
[PATCH ipsec-next v8 09/14] xfrm: add error messages to state migration · Antony Antony <hidden> · 2026-05-05
Re: [PATCH ipsec-next v8 09/14] xfrm: add error messages to state migration · Sabrina Dubroca <sd@queasysnail.net> · 2026-05-07
[PATCH ipsec-next v8 10/14] xfrm: move encap and xuo into struct xfrm_migrate · Antony Antony <hidden> · 2026-05-05
Re: [PATCH ipsec-next v8 10/14] xfrm: move encap and xuo into struct xfrm_migrate · Sabrina Dubroca <sd@queasysnail.net> · 2026-05-07
[PATCH ipsec-next v8 11/14] xfrm: refactor XFRMA_MTIMER_THRESH validation into a helper · Antony Antony <hidden> · 2026-05-05
[PATCH ipsec-next v8 12/14] xfrm: add XFRM_MSG_MIGRATE_STATE for single SA migration · Antony Antony <hidden> · 2026-05-05
Re: [PATCH ipsec-next v8 12/14] xfrm: add XFRM_MSG_MIGRATE_STATE for single SA migration · Steffen Klassert <steffen.klassert@secunet.com> · 2026-05-07
Re: [PATCH ipsec-next v8 12/14] xfrm: add XFRM_MSG_MIGRATE_STATE for single SA migration · Sabrina Dubroca <sd@queasysnail.net> · 2026-05-11
Re: [devel-ipsec] Re: [PATCH ipsec-next v8 12/14] xfrm: add XFRM_MSG_MIGRATE_STATE for single SA migration · Antony Antony <hidden> · 2026-05-26
[PATCH ipsec-next v8 13/14] xfrm: restrict netlink attributes for XFRM_MSG_MIGRATE_STATE · Antony Antony <hidden> · 2026-05-05
[PATCH ipsec-next v8 14/14] xfrm: add documentation for XFRM_MSG_MIGRATE_STATE · Antony Antony <hidden> · 2026-05-05
Re: [PATCH ipsec-next v8 14/14] xfrm: add documentation for XFRM_MSG_MIGRATE_STATE · Sabrina Dubroca <sd@queasysnail.net> · 2026-05-11
Re: [devel-ipsec] Re: [PATCH ipsec-next v8 14/14] xfrm: add documentation for XFRM_MSG_MIGRATE_STATE · Antony Antony <hidden> · 2026-05-26

COOLING14d

Revisions (4)

2026-03-09 v6 [diff vs current]
2026-04-12 v7 [diff vs current]
2026-05-05 v8 current
2026-05-26 v9 [diff vs current]

From: Antony Antony <hidden>
Date: 2026-05-05 04:33:38
Also in: linux-doc, lkml, selinux
Subsystem: networking [general], networking [ipsec], the rest · Maintainers: "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Steffen Klassert, Herbert Xu, Linus Torvalds

When migrating between different address families, xfrm_addr_equal()
cannot meaningfully compare addresses, different lengths.
Only call xfrm_addr_equal() when families match, and take
the xfrm_state_insert() path when addresses are equal.

Fixes: 80c9abaabf42 ("[XFRM]: Extension for dynamic update of endpoint address(es)")

Signed-off-by: Antony Antony <redacted>

---
v5->v6: added this patch
---
 net/xfrm/xfrm_state.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 85fd80520184..327a855253e6 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c

@@ -2159,10 +2159,11 @@ int xfrm_state_migrate_install(const struct xfrm_state *x,
 			       struct xfrm_user_offload *xuo,
 			       struct netlink_ext_ack *extack)
 {
-	if (xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) {
+	if (m->new_family == m->old_family &&
+	    xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) {
 		/*
-		 * Care is needed when the destination address
-		 * of the state is to be updated as it is a part of triplet.
+		 * Care is needed when the destination address of the state is
+		 * to be updated as it is a part of triplet.
 		 */
 		xfrm_state_insert(xc);
 	} else {

-- 
2.47.3

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help