[PATCH ipsec-next v3] xfrm: cleanup error path in xfrm_add_policy()

Next message: Mi, Dapeng: "Re: [PATCH] perf/x86/intel: Keep anythread_deprecated capability"
Previous message: Deepanshu Kartikey: "Re: [PATCH v2] media: ec168: fix slab-out-of-bounds in ec168_i2c_xfer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Deepanshu Kartikey

Date: Mon Apr 13 2026 - 22:10:00 EST

Replace the open-coded manual cleanup in the error path of
xfrm_add_policy() with xfrm_policy_destroy(), which already
handles all the necessary cleanup internally. This is consistent
with how xfrm_policy_construct() handles its own error paths.

The walk.dead flag must be set before calling xfrm_policy_destroy()
as required by BUG_ON(!policy->walk.dead).

Signed-off-by: Deepanshu Kartikey <kartikey406@xxxxxxxxx>
---
v3:
- Changed prefix to ipsec-next as this is a cleanup
- Dropped syzbot references as suggested by Sabrina Dubroca
v2:
- Reworded commit message to reflect cleanup rather than bugfix
as suggested by Sabrina Dubroca
- Removed incorrect Fixes: and Closes: tags
- Corrected subject prefix to PATCH ipsec
---
net/xfrm/xfrm_user.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index d56450f61669..ae144d1e4a65 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2267,9 +2267,8 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,

if (err) {
xfrm_dev_policy_delete(xp);
- xfrm_dev_policy_free(xp);
- security_xfrm_policy_free(xp->security);
- kfree(xp);
+ xp->walk.dead = 1;
+ xfrm_policy_destroy(xp);
return err;
}

--
2.43.0