diff options
author | Steffen Klassert <steffen.klassert@secunet.com> | 2017-09-04 11:28:02 +0300 |
---|---|---|
committer | Steffen Klassert <steffen.klassert@secunet.com> | 2017-09-11 11:36:41 +0300 |
commit | c5d4d7d83165ae863954b113c7f403d8b58febed (patch) | |
tree | 1f646750392b10eaa162ed8cbc3d4ba89328ba53 /net/xfrm/xfrm_user.c | |
parent | 1f4f554a72be0d8c164c2f5bc6ba939a1c624fb4 (diff) | |
download | linux-c5d4d7d83165ae863954b113c7f403d8b58febed.tar.xz |
xfrm: Fix deletion of offloaded SAs on failure.
When we off load a SA, it gets pushed to the NIC before we can
add it. In case of a failure, we don't delete this SA from the
NIC. Fix this by calling xfrm_dev_state_delete on failure.
Fixes: d77e38e612a0 ("xfrm: Add an IPsec hardware offloading API")
Reported-by: Shannon Nelson <shannon.nelson@oracle.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/xfrm/xfrm_user.c')
-rw-r--r-- | net/xfrm/xfrm_user.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 2bfbd9121e3b..b997f1395357 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -657,6 +657,7 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, if (err < 0) { x->km.state = XFRM_STATE_DEAD; + xfrm_dev_state_delete(x); __xfrm_state_put(x); goto out; } |