From: Steffen Klassert <steffen.klassert@secunet.com>
To: David Miller <davem@davemloft.net>, Jakub Kicinski <kuba@kernel.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
Steffen Klassert <steffen.klassert@secunet.com>,
<netdev@vger.kernel.org>
Subject: [PATCH 03/20] xfrm: call xdo_dev_state_delete during state update
Date: Mon, 23 Mar 2026 09:33:44 +0100 [thread overview]
Message-ID: <20260323083440.2741292-4-steffen.klassert@secunet.com> (raw)
In-Reply-To: <20260323083440.2741292-1-steffen.klassert@secunet.com>
From: Sabrina Dubroca <sd@queasysnail.net>
When we update an SA, we construct a new state and call
xdo_dev_state_add, but never insert it. The existing state is updated,
then we immediately destroy the new state. Since we haven't added it,
we don't go through the standard state delete code, and we're skipping
removing it from the device (but xdo_dev_state_free will get called
when we destroy the temporary state).
This is similar to commit c5d4d7d83165 ("xfrm: Fix deletion of
offloaded SAs on failure.").
Fixes: d77e38e612a0 ("xfrm: Add an IPsec hardware offloading API")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
net/xfrm/xfrm_state.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 98b362d51836..a00c4fe1ab0c 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2264,6 +2264,7 @@ int xfrm_state_update(struct xfrm_state *x)
err = 0;
x->km.state = XFRM_STATE_DEAD;
+ xfrm_dev_state_delete(x);
__xfrm_state_put(x);
}
--
2.43.0
next prev parent reply other threads:[~2026-03-23 8:35 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-23 8:33 [PATCH 0/20] pull request (net): ipsec 2026-03-23 Steffen Klassert
2026-03-23 8:33 ` [PATCH 01/20] xfrm: add missing extack for XFRMA_SA_PCPU in add_acquire and allocspi Steffen Klassert
2026-03-24 14:30 ` patchwork-bot+netdevbpf
2026-03-23 8:33 ` [PATCH 02/20] xfrm: fix the condition on x->pcpu_num in xfrm_sa_len Steffen Klassert
2026-03-23 8:33 ` Steffen Klassert [this message]
2026-03-23 8:33 ` [PATCH 04/20] esp: fix skb leak with espintcp and async crypto Steffen Klassert
2026-03-23 8:33 ` [PATCH 05/20] xfrm: iptfs: validate inner IPv4 header length in IPTFS payload Steffen Klassert
2026-03-23 8:33 ` [PATCH 06/20] xfrm: iptfs: fix skb_put() panic on non-linear skb during reassembly Steffen Klassert
2026-03-23 8:33 ` [PATCH 07/20] xfrm: state: fix sparse warnings on xfrm_state_hold_rcu Steffen Klassert
2026-03-23 8:33 ` [PATCH 08/20] xfrm: state: fix sparse warnings in xfrm_state_init Steffen Klassert
2026-03-23 8:33 ` [PATCH 09/20] xfrm: state: fix sparse warnings around XFRM_STATE_INSERT Steffen Klassert
2026-03-23 8:33 ` [PATCH 10/20] xfrm: state: add xfrm_state_deref_prot to state_by* walk under lock Steffen Klassert
2026-03-23 8:33 ` [PATCH 11/20] xfrm: remove rcu/state_hold from xfrm_state_lookup_spi_proto Steffen Klassert
2026-03-23 8:33 ` [PATCH 12/20] xfrm: state: silence sparse warnings during netns exit Steffen Klassert
2026-03-23 8:33 ` [PATCH 13/20] xfrm: policy: fix sparse warnings in xfrm_policy_{init,fini} Steffen Klassert
2026-03-23 8:33 ` [PATCH 14/20] xfrm: policy: silence sparse warning in xfrm_policy_unregister_afinfo Steffen Klassert
2026-03-23 8:33 ` [PATCH 15/20] xfrm: add rcu_access_pointer to silence sparse warning for xfrm_input_afinfo Steffen Klassert
2026-03-23 8:33 ` [PATCH 16/20] xfrm: avoid RCU warnings around the per-netns netlink socket Steffen Klassert
2026-03-23 8:33 ` [PATCH 17/20] xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() Steffen Klassert
2026-03-23 8:33 ` [PATCH 18/20] xfrm: prevent policy_hthresh.work from racing with netns teardown Steffen Klassert
2026-03-23 8:34 ` [PATCH 19/20] af_key: validate families in pfkey_send_migrate() Steffen Klassert
2026-03-23 8:34 ` [PATCH 20/20] xfrm: iptfs: only publish mode_data after clone setup Steffen Klassert
2026-03-24 11:33 ` Paolo Abeni
2026-03-24 11:52 ` Steffen Klassert
2026-03-24 12:35 ` Paolo Abeni
2026-03-24 12:40 ` Steffen Klassert
2026-03-24 14:22 ` Paolo Abeni
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260323083440.2741292-4-steffen.klassert@secunet.com \
--to=steffen.klassert@secunet.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox