[net] xfrm: allow to release xfrm_state with flush

Message ID 20180412190315.3102-2-jacek.kalwas@intel.com
State Awaiting Upstream, archived
Delegated to: David Miller

Commit Message

Jacek Kalwas April 12, 2018, 7:03 p.m. UTC
Call to flush SAs doesn't release xfrm_state in case there was
traffic associated with that state and state was already deleted.

Given patch calls xfrm_policy_cache_flush regardless of actual states
deleted in xfrm_state_flush function.

Signed-off-by: Jacek Kalwas <jacek.kalwas@intel.com>
---
 net/xfrm/xfrm_state.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Comments

Steffen Klassert April 19, 2018, 6:56 a.m. UTC | #1
On Thu, Apr 12, 2018 at 12:03:14PM -0700, Jacek Kalwas wrote:
> Call to flush SAs doesn't release xfrm_state in case there was
> traffic associated with that state and state was already deleted.
> 
> Given patch calls xfrm_policy_cache_flush regardless of actual states
> deleted in xfrm_state_flush function.
> 
> Signed-off-by: Jacek Kalwas <jacek.kalwas@intel.com>

This is a fix that needs to be backported to -stable,
so please add a proper 'Fixes:' tag and resend based on
the ipsec tree.

Thanks!

Patch

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index f9d2f2233f09..7d3d6a12a14f 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -734,10 +734,10 @@  int xfrm_state_flush(struct net *net, u8 proto, bool task_valid)
 	}
 out:
 	spin_unlock_bh(&net->xfrm.xfrm_state_lock);
-	if (cnt) {
+	if (cnt)
 		err = 0;
-		xfrm_policy_cache_flush();
-	}
+
+	xfrm_policy_cache_flush();
 	return err;
 }
 EXPORT_SYMBOL(xfrm_state_flush);
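
Review bot: The now-unconditional xfrm_policy_cache_flush() after the `if (cnt)` test carries no comment explaining why it must run when cnt is zero, and it also runs on any path that reaches `out:` with a nonzero err. Suggest a short comment above the call giving the reason from the commit message (a state that was already deleted can still be held because traffic was associated with it, so the flush is needed even when this call removed nothing), and confirm that flushing on the error return is intended rather than a side effect of dropping the braces. The commit message should also carry the 'Fixes:' tag requested in review so the change can be picked up for -stable.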