3 files changed, 10 insertions, 4 deletions

diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index e517981ceadd..42d8ded0f96a 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -33,7 +33,7 @@ __xfrm4_find_bundle(struct flowi *fl, struct xfrm_policy *policy)
                     xdst->u.rt.fl.fl4_dst == fl->fl4_dst &&
                     xdst->u.rt.fl.fl4_src == fl->fl4_src &&
                     xdst->u.rt.fl.fl4_tos == fl->fl4_tos &&
-                    xfrm_bundle_ok(xdst, fl, AF_INET)) {
+                    xfrm_bundle_ok(xdst, fl, AF_INET, 0)) {
                         dst_clone(dst);
                         break;
                 }
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index a3f68c8b737e..729b4748d6d3 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -50,7 +50,9 @@ __xfrm6_find_bundle(struct flowi *fl, struct xfrm_policy *policy)
                                  xdst->u.rt6.rt6i_src.plen);
                 if (ipv6_addr_equal(&xdst->u.rt6.rt6i_dst.addr, &fl_dst_prefix) &&
                     ipv6_addr_equal(&xdst->u.rt6.rt6i_src.addr, &fl_src_prefix) &&
-                    xfrm_bundle_ok(xdst, fl, AF_INET6)) {
+                    xfrm_bundle_ok(xdst, fl, AF_INET6,
+                                   (xdst->u.rt6.rt6i_dst.plen != 128 ||
+                                    xdst->u.rt6.rt6i_src.plen != 128))) {
                         dst_clone(dst);
                         break;
                 }
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 56abb5c057d4..ad2a5cba1f5b 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1167,7 +1167,7 @@ static struct dst_entry *xfrm_dst_check(struct dst_entry *dst, u32 cookie)
 
 static int stale_bundle(struct dst_entry *dst)
 {
-        return !xfrm_bundle_ok((struct xfrm_dst *)dst, NULL, AF_UNSPEC);
+        return !xfrm_bundle_ok((struct xfrm_dst *)dst, NULL, AF_UNSPEC, 0);
 }
 
 void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev)
@@ -1282,7 +1282,7 @@ EXPORT_SYMBOL(xfrm_init_pmtu);
  * still valid.
  */
 
-int xfrm_bundle_ok(struct xfrm_dst *first, struct flowi *fl, int family)
+int xfrm_bundle_ok(struct xfrm_dst *first, struct flowi *fl, int family, int strict)
 {
         struct dst_entry *dst = &first->u.dst;
         struct xfrm_dst *last;
@@ -1304,6 +1304,10 @@ int xfrm_bundle_ok(struct xfrm_dst *first, struct flowi *fl, int family)
                 if (dst->xfrm->km.state != XFRM_STATE_VALID)
                         return 0;
 
+                if (strict && fl && dst->xfrm->props.mode != XFRM_MODE_TUNNEL &&
+                    !xfrm_state_addr_flow_check(dst->xfrm, fl, family))
+                        return 0;
+
                 mtu = dst_mtu(dst->child);
                 if (xdst->child_mtu_cached != mtu) {
                         last = xdst;