git: 4accefc998e7 - main - ipsec_offload: do not leak drv_spi unr

From: Konstantin Belousov <kib_at_FreeBSD.org>
Date: Tue, 04 Nov 2025 19:21:17 UTC
The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=4accefc998e731581549163cf1a582948b2ad0de

commit 4accefc998e731581549163cf1a582948b2ad0de
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2025-10-30 14:50:22 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2025-11-04 19:20:39 +0000

    ipsec_offload: do not leak drv_spi unr
    
    in the ipsec_accel_sa_newkey_cb() when the SA offload is only enabled
    on a specific different interface, not the current one.
    
    Also remove no longer relevant XXX comment.
    
    Noted and reviewed by:  slavash
    Sponsored by:   NVidia networking
    MFC after:      1 week
---
 sys/netipsec/ipsec_offload.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/sys/netipsec/ipsec_offload.c b/sys/netipsec/ipsec_offload.c
index 59a107881676..3583fc50f51b 100644
--- a/sys/netipsec/ipsec_offload.c
+++ b/sys/netipsec/ipsec_offload.c
@@ -289,19 +289,18 @@ ipsec_accel_sa_newkey_cb(if_t ifp, void *arg)
 	    be32toh(tq->sav->spi), tq->sav->flags, tq->sav->seq);
 	priv = NULL;
 	drv_spi = alloc_unr(drv_spi_unr);
-	if (tq->sav->accel_ifname != NULL &&
-	    strcmp(tq->sav->accel_ifname, if_name(ifp)) != 0) {
-		error = ipsec_accel_handle_sav(tq->sav,
-		    ifp, drv_spi, priv, IFP_HS_REJECTED, NULL);
-		goto out;
-	}
 	if (drv_spi == -1) {
-		/* XXXKIB */
 		dprintf("ipsec_accel_sa_install_newkey: cannot alloc "
 		    "drv_spi if %s spi %#x\n", if_name(ifp),
 		    be32toh(tq->sav->spi));
 		return (0);
 	}
+	if (tq->sav->accel_ifname != NULL &&
+	    strcmp(tq->sav->accel_ifname, if_name(ifp)) != 0) {
+		error = ipsec_accel_handle_sav(tq->sav,
+		    ifp, drv_spi, priv, IFP_HS_REJECTED, NULL);
+		goto out;
+	}
 	error = ifp->if_ipsec_accel_m->if_sa_newkey(ifp, tq->sav,
 	    drv_spi, &priv);
 	if (error != 0) {
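Review bot: On the relocated interface-name mismatch branch, the result of `ipsec_accel_handle_sav(..., IFP_HS_REJECTED, NULL)` goes straight to `goto out` while `drv_spi` now always holds a live unit from `alloc_unr(drv_spi_unr)`, and nothing visible in the hunk returns that unit with `free_unr()` if the call fails. If neither the `out:` label nor `ipsec_accel_handle_sav()` releases it on error, the branch would need `if (error != 0) free_unr(drv_spi_unr, drv_spi);` before the `goto`. If the handle takes ownership on success, a short comment there, such as `/* on success drv_spi is owned by the REJECTED handle */`, would make that explicit; it matters because once `drv_spi_unr` is exhausted, later SAs take the `drv_spi == -1` path, which only logs through `dprintf` and returns 0. The body of `ipsec_accel_sa_newkey_cb()` begins and ends outside this hunk, so the cleanup at `out:` could not be checked here.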