Commit c5d4d7d8 authored by Steffen Klassert's avatar Steffen Klassert

xfrm: Fix deletion of offloaded SAs on failure.

When we off load a SA, it gets pushed to the NIC before we can
add it. In case of a failure, we don't delete this SA from the
NIC. Fix this by calling xfrm_dev_state_delete on failure.

Fixes: d77e38e6 ("xfrm: Add an IPsec hardware offloading API")
Reported-by: default avatarShannon Nelson <shannon.nelson@oracle.com>
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
parent 1f4f554a
...@@ -657,6 +657,7 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, ...@@ -657,6 +657,7 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
if (err < 0) { if (err < 0) {
x->km.state = XFRM_STATE_DEAD; x->km.state = XFRM_STATE_DEAD;
xfrm_dev_state_delete(x);
__xfrm_state_put(x); __xfrm_state_put(x);
goto out; goto out;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment