Skip to content

Commit

Permalink
xfrm: Fix deletion of offloaded SAs on failure.
Browse files Browse the repository at this point in the history 
When we off load a SA, it gets pushed to the NIC before we can
add it. In case of a failure, we don't delete this SA from the
NIC. Fix this by calling xfrm_dev_state_delete on failure.

Fixes: d77e38e ("xfrm: Add an IPsec hardware offloading API")
Reported-by: Shannon Nelson <shannon.nelson@oracle.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
  • Loading branch information
Steffen Klassert committed Sep 11, 2017
1 parent 1f4f554 commit c5d4d7d
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions net/xfrm/xfrm_user.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -657,6 +657,7 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh,

if (err < 0) {
x->km.state = XFRM_STATE_DEAD;
xfrm_dev_state_delete(x);
__xfrm_state_put(x);
goto out;
}
Expand Down

0 comments on commit c5d4d7d

Please sign in to comment.