[IPSEC]: Remove redundant check in xfrm_state_add()

This is the patch referred to in the netlink_get_spi thread.

I was actually wrong about the reason for this patch though.  Firstly
it's the SPI check that is redundant and not the find_acq() call.
And it's redundant because of the find_acq() patch, not because
of the fact that this is in xfrm_state_add().

Now that find_acq() only returns SAs with SPIs, we don't need to
check this in xfrm_state_add() anymore.

We do still need the call though to clean up leftover larval states.

Another side-effect of the change is that we can move the existence
check above find_acq() since find_acq() will never return any SAs
matching the SPI we're trying to add (It doesn't need to because if
an SA with a matching SPI existed, it would've been returned by
state_lookup() already).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@redhat.com>

net/xfrm/xfrm_state.c

@@ -400,23 +400,17 @@ int xfrm_state_add(struct xfrm_state *x)
 	spin_lock_bh(&xfrm_state_lock);
 
 	x1 = afinfo->state_lookup(&x->id.daddr, x->id.spi, x->id.proto);
-	if (!x1) {
-		x1 = afinfo->find_acq(
-			x->props.mode, x->props.reqid, x->id.proto,
-			&x->id.daddr, &x->props.saddr, 0);
-		if (x1 && x1->id.spi != x->id.spi && x1->id.spi) {
-			xfrm_state_put(x1);
-			x1 = NULL;
-		}
-	}
-
-	if (x1 && x1->id.spi) {
+	if (x1) {
 		xfrm_state_put(x1);
 		x1 = NULL;
 		err = -EEXIST;
 		goto out;
 	}
 
+	x1 = afinfo->find_acq(
+		x->props.mode, x->props.reqid, x->id.proto,
+		&x->id.daddr, &x->props.saddr, 0);
+
 	__xfrm_state_insert(x);
 	err = 0;