FreeBSD Mail Archives

Date:      Tue, 4 Nov 2025 19:21:17 GMT
From:      Konstantin Belousov <kib@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 4accefc998e7 - main - ipsec_offload: do not leak drv_spi unr
Message-ID:  <202511041921.5A4JLHA3048216@gitrepo.freebsd.org>

index | next in thread | raw e-mail


The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=4accefc998e731581549163cf1a582948b2ad0de

commit 4accefc998e731581549163cf1a582948b2ad0de
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2025-10-30 14:50:22 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2025-11-04 19:20:39 +0000

    ipsec_offload: do not leak drv_spi unr
    
    in the ipsec_accel_sa_newkey_cb() when the SA offload is only enabled
    on a specific different interface, not the current one.
    
    Also remove no longer relevant XXX comment.
    
    Noted and reviewed by:  slavash
    Sponsored by:   NVidia networking
    MFC after:      1 week
---
 sys/netipsec/ipsec_offload.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/sys/netipsec/ipsec_offload.c b/sys/netipsec/ipsec_offload.c
index 59a107881676..3583fc50f51b 100644
--- a/sys/netipsec/ipsec_offload.c
+++ b/sys/netipsec/ipsec_offload.c
@@ -289,19 +289,18 @@ ipsec_accel_sa_newkey_cb(if_t ifp, void *arg)
 	    be32toh(tq->sav->spi), tq->sav->flags, tq->sav->seq);
 	priv = NULL;
 	drv_spi = alloc_unr(drv_spi_unr);
-	if (tq->sav->accel_ifname != NULL &&
-	    strcmp(tq->sav->accel_ifname, if_name(ifp)) != 0) {
-		error = ipsec_accel_handle_sav(tq->sav,
-		    ifp, drv_spi, priv, IFP_HS_REJECTED, NULL);
-		goto out;
-	}
 	if (drv_spi == -1) {
-		/* XXXKIB */
 		dprintf("ipsec_accel_sa_install_newkey: cannot alloc "
 		    "drv_spi if %s spi %#x\n", if_name(ifp),
 		    be32toh(tq->sav->spi));
 		return (0);
 	}
+	if (tq->sav->accel_ifname != NULL &&
+	    strcmp(tq->sav->accel_ifname, if_name(ifp)) != 0) {
+		error = ipsec_accel_handle_sav(tq->sav,
+		    ifp, drv_spi, priv, IFP_HS_REJECTED, NULL);
+		goto out;
+	}
 	error = ifp->if_ipsec_accel_m->if_sa_newkey(ifp, tq->sav,
 	    drv_spi, &priv);
 	if (error != 0) {

help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202511041921.5A4JLHA3048216>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation