From 7fc0356bd66eb55ae7ff4fb6444166b9635b8168 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 16 Mar 2022 15:19:48 +0100
Subject: [PATCH] 5.16-stable patches

added patches:
	revert-xfrm-state-and-policy-should-fail-if-xfrma_if_id-0.patch
---
 ...-policy-should-fail-if-xfrma_if_id-0.patch | 69 +++++++++++++++++++
 queue-5.16/series                             |  1 +
 2 files changed, 70 insertions(+)
 create mode 100644 queue-5.16/revert-xfrm-state-and-policy-should-fail-if-xfrma_if_id-0.patch
 create mode 100644 queue-5.16/series

diff --git a/queue-5.16/revert-xfrm-state-and-policy-should-fail-if-xfrma_if_id-0.patch b/queue-5.16/revert-xfrm-state-and-policy-should-fail-if-xfrma_if_id-0.patch
new file mode 100644
index 00000000000..45e39281aa2
--- /dev/null
+++ b/queue-5.16/revert-xfrm-state-and-policy-should-fail-if-xfrma_if_id-0.patch
@@ -0,0 +1,69 @@
+From a3d9001b4e287fc043e5539d03d71a32ab114bcb Mon Sep 17 00:00:00 2001
+From: Kai Lueke <kailueke@linux.microsoft.com>
+Date: Thu, 3 Mar 2022 15:55:10 +0100
+Subject: Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
+
+From: Kai Lueke <kailueke@linux.microsoft.com>
+
+commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream.
+
+This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID
+0 was meant to be used for configuring the policy/state without
+matching for a specific interface (e.g., Cilium is affected, see
+https://github.com/cilium/cilium/pull/18789 and
+https://github.com/cilium/cilium/pull/19019).
+
+Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
+Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/xfrm/xfrm_user.c |   21 +++------------------
+ 1 file changed, 3 insertions(+), 18 deletions(-)
+
+--- a/net/xfrm/xfrm_user.c
++++ b/net/xfrm/xfrm_user.c
+@@ -629,13 +629,8 @@ static struct xfrm_state *xfrm_state_con
+ 
+ 	xfrm_smark_init(attrs, &x->props.smark);
+ 
+-	if (attrs[XFRMA_IF_ID]) {
++	if (attrs[XFRMA_IF_ID])
+ 		x->if_id = nla_get_u32(attrs[XFRMA_IF_ID]);
+-		if (!x->if_id) {
+-			err = -EINVAL;
+-			goto error;
+-		}
+-	}
+ 
+ 	err = __xfrm_init_state(x, false, attrs[XFRMA_OFFLOAD_DEV]);
+ 	if (err)
+@@ -1431,13 +1426,8 @@ static int xfrm_alloc_userspi(struct sk_
+ 
+ 	mark = xfrm_mark_get(attrs, &m);
+ 
+-	if (attrs[XFRMA_IF_ID]) {
++	if (attrs[XFRMA_IF_ID])
+ 		if_id = nla_get_u32(attrs[XFRMA_IF_ID]);
+-		if (!if_id) {
+-			err = -EINVAL;
+-			goto out_noput;
+-		}
+-	}
+ 
+ 	if (p->info.seq) {
+ 		x = xfrm_find_acq_byseq(net, mark, p->info.seq);
+@@ -1750,13 +1740,8 @@ static struct xfrm_policy *xfrm_policy_c
+ 
+ 	xfrm_mark_get(attrs, &xp->mark);
+ 
+-	if (attrs[XFRMA_IF_ID]) {
++	if (attrs[XFRMA_IF_ID])
+ 		xp->if_id = nla_get_u32(attrs[XFRMA_IF_ID]);
+-		if (!xp->if_id) {
+-			err = -EINVAL;
+-			goto error;
+-		}
+-	}
+ 
+ 	return xp;
+  error:
diff --git a/queue-5.16/series b/queue-5.16/series
new file mode 100644
index 00000000000..8f5aea7fa8b
--- /dev/null
+++ b/queue-5.16/series
@@ -0,0 +1 @@
+revert-xfrm-state-and-policy-should-fail-if-xfrma_if_id-0.patch
-- 
2.47.3