Message ID | 20170430135119.11159-1-ilant@mellanox.com |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
From: <ilant@mellanox.com> Date: Sun, 30 Apr 2017 16:51:19 +0300 > From: Ilan Tayari <ilant@mellanox.com> > > Current code silently ignores driver errors when configuring > IPSec offload xfrm_state, and falls back to host-based crypto. > > Fail the xfrm_state creation if the driver has an error, because > the NIC offloading was explicitly requested by the user program. > > This will communicate back to the user that there was an error. > > Fixes: d77e38e612a0 ("xfrm: Add an IPsec hardware offloading API") > Signed-off-by: Ilan Tayari <ilant@mellanox.com> Also applied. Steffen, I apologize for taking these directly but I really wanted to make sure these fixes made it into the pull request I plan to send to Linus for the merge window soon. Thanks.
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index ba74e5eeeeef..c4cceddac9db 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -595,9 +595,12 @@ static struct xfrm_state *xfrm_state_construct(struct net *net, goto error; } - if (attrs[XFRMA_OFFLOAD_DEV] && - xfrm_dev_state_add(net, x, nla_data(attrs[XFRMA_OFFLOAD_DEV]))) - goto error; + if (attrs[XFRMA_OFFLOAD_DEV]) { + err = xfrm_dev_state_add(net, x, + nla_data(attrs[XFRMA_OFFLOAD_DEV])); + if (err) + goto error; + } if ((err = xfrm_alloc_replay_state_esn(&x->replay_esn, &x->preplay_esn, attrs[XFRMA_REPLAY_ESN_VAL])))