[PATCH] xfrm: kill xfrm_dev_{state,policy}_flush_secctx_check()
Paul Moore
paul at paul-moore.com
Mon Jan 26 22:33:29 UTC 2026
On Fri, Jan 23, 2026 at 5:13 AM Tetsuo Handa
<penguin-kernel at i-love.sakura.ne.jp> wrote:
>
> Since xfrm_dev_{state,policy}_flush() are called from only NETDEV_DOWN and
> NETDEV_UNREGISTER events, making xfrm_dev_{state,policy}_flush() no-op by
> returning an error value from xfrm_dev_{state,policy}_flush_secctx_check()
> is pointless. Especially, if xfrm_dev_{state,policy}_flush_secctx_check()
> returned an error value upon the NETDEV_UNREGISTER event, the system will hang
> up with
>
> unregister_netdevice: waiting for $dev to become free. Usage count = $count
>
> message because the reference to $dev acquired by
> xfrm_dev_{state,policy}_add() cannot be released.
>
> Signed-off-by: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
> ---
> net/xfrm/xfrm_policy.c | 35 -----------------------------------
> net/xfrm/xfrm_state.c | 33 ---------------------------------
> 2 files changed, 68 deletions(-)
I didn't make it very far into reviewing this patch, because it looks
like xfrm_dev_state_flush() is called by the bonding driver's
notification handler, and I don't see that reflected in this patch?
--
paul-moore.com