Message ID | 20180412190315.3102-2-jacek.kalwas@intel.com |
---|---|
State | Awaiting Upstream, archived |
Delegated to: | David Miller |
Headers | show |
Series | [net] xfrm: allow to release xfrm_state with flush | expand |
On Thu, Apr 12, 2018 at 12:03:14PM -0700, Jacek Kalwas wrote: > Call to flush SAs doesn't release xfrm_state in case there was a > traffic associated with that state and state was already deleted. > > Given patch calls xfrm_policy_cache_flush despite of actual states > deleted in xfrm_state_flush function. > > Signed-off-by: Jacek Kalwas <jacek.kalwas@intel.com> This is a fix that needs to be backported to -stable, so please add a proper 'Fixes:' tag and resend based on the ipsec tree. Thanks!
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index f9d2f2233f09..7d3d6a12a14f 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -734,10 +734,10 @@ int xfrm_state_flush(struct net *net, u8 proto, bool task_valid) } out: spin_unlock_bh(&net->xfrm.xfrm_state_lock); - if (cnt) { + if (cnt) err = 0; - xfrm_policy_cache_flush(); - } + + xfrm_policy_cache_flush(); return err; } EXPORT_SYMBOL(xfrm_state_flush);
Call to flush SAs doesn't release xfrm_state in case there was a traffic associated with that state and state was already deleted. Given patch calls xfrm_policy_cache_flush despite of actual states deleted in xfrm_state_flush function. Signed-off-by: Jacek Kalwas <jacek.kalwas@intel.com> --- net/xfrm/xfrm_state.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)