xfrm_user: fix freeing of xfrm states on acquire (5ecdfbb0) · Commits · e / devices / android_kernel_fairphone_FP4

include/net/xfrm.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -1552,6 +1552,7 @@ int xfrm_state_walk(struct net net, struct xfrm_state_walk walk,
		int (func)(struct xfrm_state , int, void), void );
		void xfrm_state_walk_done(struct xfrm_state_walk walk, struct net net);
		struct xfrm_state xfrm_state_alloc(struct net net);
		void xfrm_state_free(struct xfrm_state *x);
		struct xfrm_state xfrm_state_find(const xfrm_address_t daddr,
		const xfrm_address_t *saddr,
		const struct flowi *fl,

+7 −1

Original line number	Diff line number	Diff line
		@@ -426,6 +426,12 @@ static void xfrm_put_mode(struct xfrm_mode *mode)
		module_put(mode->owner);
		}

		void xfrm_state_free(struct xfrm_state *x)
		{
		kmem_cache_free(xfrm_state_cache, x);
		}
		EXPORT_SYMBOL(xfrm_state_free);

		static void xfrm_state_gc_destroy(struct xfrm_state *x)
		{
		tasklet_hrtimer_cancel(&x->mtimer);
		@@ -452,7 +458,7 @@ static void xfrm_state_gc_destroy(struct xfrm_state *x)
		}
		xfrm_dev_state_free(x);
		security_xfrm_state_free(x);
		kmem_cache_free(xfrm_state_cache, x);
		xfrm_state_free(x);
		}

		static void xfrm_state_gc_task(struct work_struct *work)

+2 −2

Original line number	Diff line number	Diff line
		@@ -2288,13 +2288,13 @@ static int xfrm_add_acquire(struct sk_buff skb, struct nlmsghdr nlh,

		}

		kfree(x);
		xfrm_state_free(x);
		kfree(xp);

		return 0;

		free_state:
		kfree(x);
		xfrm_state_free(x);
		nomem:
		return err;
		}