xfrm: Indicate xfrm_state offload errors
authorIlan Tayari <ilant@mellanox.com>
Sun, 30 Apr 2017 13:51:19 +0000 (16:51 +0300)
committerDavid S. Miller <davem@davemloft.net>
Mon, 1 May 2017 18:59:39 +0000 (14:59 -0400)
Current code silently ignores driver errors when configuring
IPSec offload xfrm_state, and falls back to host-based crypto.

Fail the xfrm_state creation if the driver has an error, because
the NIC offloading was explicitly requested by the user program.

This will communicate back to the user that there was an error.

Fixes: d77e38e612a0 ("xfrm: Add an IPsec hardware offloading API")
Signed-off-by: Ilan Tayari <ilant@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/xfrm/xfrm_user.c

index ba74e5eeeeef9103d7ebfe2d22fc31a7c8701760..c4cceddac9db67dbf184c99a369ebe13e7a10a54 100644 (file)
@@ -595,9 +595,12 @@ static struct xfrm_state *xfrm_state_construct(struct net *net,
                        goto error;
        }
 
-       if (attrs[XFRMA_OFFLOAD_DEV] &&
-           xfrm_dev_state_add(net, x, nla_data(attrs[XFRMA_OFFLOAD_DEV])))
-               goto error;
+       if (attrs[XFRMA_OFFLOAD_DEV]) {
+               err = xfrm_dev_state_add(net, x,
+                                        nla_data(attrs[XFRMA_OFFLOAD_DEV]));
+               if (err)
+                       goto error;
+       }
 
        if ((err = xfrm_alloc_replay_state_esn(&x->replay_esn, &x->preplay_esn,
                                               attrs[XFRMA_REPLAY_ESN_VAL])))