[IPSEC]: Fix xfrm_tunnel leak.

Turns out that the IPIP tunnel used by IPCOMP states are only freed if the IPCOMP state is deleted by xfrm_state_delete. This is not the case for all states. For example, an immature IPCOMP state that dies in add_sa will not go through xfrm_state_delete. The following patch moves the delete_tunnel call into IPCOMP's destructor. I think it makes more sense there as IPCOMP is the only user of the tunnel anyway.

[IPSEC]: Fix xfrm_tunnel leak.
Turns out that the IPIP tunnel used by IPCOMP states are only freed if the IPCOMP state is deleted by xfrm_state_delete. This is not the case for all states. For example, an immature IPCOMP state that dies in add_sa will not go through xfrm_state_delete. The following patch moves the delete_tunnel call into IPCOMP's destructor. I think it makes more sense there as IPCOMP is the only user of the tunnel anyway.
d10920ba · Herbert Xu · David S. Miller · aaecbc98 · d10920ba · d10920ba
Commit d10920ba authored May 31, 2004 by Herbert Xu Committed by David S. Miller May 31, 2004
Show whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

net/ipv4/ipcomp.c net/ipv4/ipcomp.c +1 -0

net/xfrm/xfrm_state.c net/xfrm/xfrm_state.c +0 -1

No files found.
--- a/net/ipv4/ipcomp.c
+++ b/net/ipv4/ipcomp.c
@@ -339,6 +339,7 @@ static void ipcomp_destroy(struct xfrm_state *x)
 	struct ipcomp_data *ipcd = x->data;
 	if (!ipcd)
 		return;
+	xfrm_state_delete_tunnel(x);
 	ipcomp_free_data(ipcd);
 	kfree(ipcd);
 }

--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -231,7 +231,6 @@ static void __xfrm_state_delete(struct xfrm_state *x)
 void xfrm_state_delete(struct xfrm_state *x)
 {
-	xfrm_state_delete_tunnel(x);
 	spin_lock_bh(&x->lock);
 	__xfrm_state_delete(x);
 	spin_unlock_bh(&x->lock);