Google Git
Sign in
linux/linux/kernel/git/klassert/ipsec-next/refs/heads/testing^!/.
commit
a77d172177f3754ebd70123c78c75a6efa9eec2a
[log]
author
Deepanshu Kartikey <kartikey406@gmail.com>
Tue Apr 14 07:39:47 2026 +0530
committer
Steffen Klassert <steffen.klassert@secunet.com>
Wed Apr 29 09:36:05 2026 +0200
tree
4aaf3cb0784ccbd0f6d4f7717aa3248bbac4b00d
parent
790ead9394860e7d70c5e0e50a35b243e909a618 [diff]
xfrm: cleanup error path in xfrm_add_policy()

Replace the open-coded manual cleanup in the error path of
xfrm_add_policy() with xfrm_policy_destroy(), which already
handles all the necessary cleanup internally. This is consistent
with how xfrm_policy_construct() handles its own error paths.

The walk.dead flag must be set before calling xfrm_policy_destroy()
as required by BUG_ON(!policy->walk.dead).

Signed-off-by: Deepanshu Kartikey <kartikey406@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index d56450f..ae144d1 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c

@@ -2267,9 +2267,8 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
 
 	if (err) {
 		xfrm_dev_policy_delete(xp);
-		xfrm_dev_policy_free(xp);
-		security_xfrm_policy_free(xp->security);
-		kfree(xp);
+		xp->walk.dead = 1;
+		xfrm_policy_destroy(xp);
 		return err;
 	}