xfrm: Fix deletion of offloaded SAs on failure.
When we off load a SA, it gets pushed to the NIC before we can
add it. In case of a failure, we don't delete this SA from the
NIC. Fix this by calling xfrm_dev_state_delete on failure.
Fixes: d77e38e612
("xfrm: Add an IPsec hardware offloading API")
Reported-by: Shannon Nelson <shannon.nelson@oracle.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
This commit is contained in:
parent
1f4f554a72
commit
c5d4d7d831
1 changed files with 1 additions and 0 deletions
|
@ -657,6 +657,7 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
|
|||
|
||||
if (err < 0) {
|
||||
x->km.state = XFRM_STATE_DEAD;
|
||||
xfrm_dev_state_delete(x);
|
||||
__xfrm_state_put(x);
|
||||
goto out;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue