2017-06-09 20:29 GMT+08:00 Hangbin Liu <liuhang...@gmail.com>:
> On Fri, Jun 09, 2017 at 05:49:50PM +0800, Xin Long wrote:
>> another fix is to move xfrm_garbage_collect out of xfrm_policy_flush.
>> I could only see two places need to call it.
>> something like:
>>
>> --- a/net/key/af_key.c
>> +++ b/net/key/af_key.c
>> @@ -2755,6 +2755,8 @@ static int pfkey_spdflush(struct sock *sk,
>> struct sk_buff *skb, const struct sad
>> int err, err2;
>>
>> err = xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, true);
>> + if (!err)
>> + xfrm_garbage_collect(net);
>> err2 = unicast_flush_resp(sk, hdr);
>> if (err || err2) {
>> if (err == -ESRCH) /* empty table - old silent behavior */
>
> Hmm, that would be better, just the xfrm_garbage_collect() need to be after
> err || err2 check
>
> + xfrm_garbage_collect(net);
Ah, my mistake. we should check err first. Sorry.
>
> I will send v2 patch.
>
> Thanks
> Hangbin
