UPSTREAM: ipsec: Fix aborted xfrm policy dump crash

An independent security researcher, Mohamed Ghannam, has reported
this vulnerability to Beyond Security's SecuriTeam Secure Disclosure
program.

The xfrm_dump_policy_done function expects xfrm_dump_policy to
have been called at least once or it will crash.  This can be
triggered if a dump fails because the target socket's receive
buffer is full.

This patch fixes it by using the cb->start mechanism to ensure that
the initialisation is always done regardless of the buffer situation.

Fixes: 12a169e7d8f4 ("ipsec: Put dumpers on the dump list")
BUG=chromium:788304,b:70422312
TEST=Build and run
CQ-DEPEND=CL:823087

Change-Id: Iad254b7b289804f75fba17a3c7c6d17480a11ab6
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit 1137b5e2529a8f5ca8ee709288ecba3e68044df2)
Reviewed-on: https://chromium-review.googlesource.com/790150
Reviewed-by: Kevin Cernekee <cernekee@chromium.org>
(cherry picked from commit b566e07bdd3b1a5e808892e8287a044db4442020)
Reviewed-on: https://chromium-review.googlesource.com/820133
Trybot-Ready: Robert Kolchmeyer <rkolchmeyer@google.com>
Commit-Queue: Robert Kolchmeyer <rkolchmeyer@google.com>
Tested-by: Robert Kolchmeyer <rkolchmeyer@google.com>
1 file changed
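
The failure mode and fix described in the commit message above, as an added userspace model in C; it is not the kernel patch or any project's own code. All struct, function and parameter names are hypothetical, and the lifecycle it assumes is the one the message states: the start hook always runs, the dump step can be skipped when the receive buffer is full, and done runs either way.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model; none of these names are kernel symbols. */
struct node { struct node *prev, *next; };
struct dump_cb {
    struct node walk;               /* walker entry, all-zero until initialised */
    bool walk_ready;                /* lazy-init flag used by the old pattern */
    int (*start)(struct dump_cb *); /* optional, runs once before any dump call */
    int (*dump)(struct dump_cb *);
    int (*done)(struct dump_cb *);
};

static void walk_init(struct dump_cb *cb) {
    cb->walk.prev = cb->walk.next = &cb->walk; /* self-linked, safe to unlink */
}
/* Old pattern: initialisation hidden inside the first dump call. */
static int lazy_dump(struct dump_cb *cb) {
    if (!cb->walk_ready) { walk_init(cb); cb->walk_ready = true; }
    return 0;
}
/* Fixed pattern: initialisation moved to the start hook. */
static int fixed_start(struct dump_cb *cb) { walk_init(cb); return 0; }
static int fixed_dump(struct dump_cb *cb) { (void)cb; return 0; }

/* done unlinks the walker; returns -1 where the real code would crash. */
static int policy_done(struct dump_cb *cb) {
    if (!cb->walk.prev || !cb->walk.next) return -1; /* never initialised */
    cb->walk.prev->next = cb->walk.next;
    cb->walk.next->prev = cb->walk.prev;
    return 0;
}
/* One dump request: the dump step is skipped when the buffer is full. */
static int run_dump(struct dump_cb *cb, bool rcvbuf_full) {
    if (cb->start && cb->start(cb) != 0) return -2;
    if (!rcvbuf_full) cb->dump(cb);
    return cb->done(cb);
}
int simulate(bool use_start, bool rcvbuf_full) {
    struct dump_cb cb = {0};
    cb.start = use_start ? fixed_start : NULL;
    cb.dump = use_start ? fixed_dump : lazy_dump;
    cb.done = policy_done;
    return run_dump(&cb, rcvbuf_full);
}
int main(void) {
    printf("lazy init, buffer full:  %d\n", simulate(false, true));
    printf("start init, buffer full: %d\n", simulate(true, true));
    return 0;
}
```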