git-server-git.apps.pok.os.sepia.ceph.com Git

author	Sabrina Dubroca <sd@queasysnail.net>
	Mon, 23 Feb 2026 23:05:14 +0000 (00:05 +0100)
committer	Steffen Klassert <steffen.klassert@secunet.com>
	Wed, 25 Feb 2026 08:11:40 +0000 (09:11 +0100)
commit	0c0eef8ccd2413b0a10eb6bbd3442333b1e64dd2
tree	12d1e2fc72d839216bdb200e815617e19e0e6cf7	tree \| snapshot
parent	7d2fc41f91bc69acb6e01b0fa23cd7d0109a6a23	commit \| diff

esp: fix skb leak with espintcp and async crypto

When the TX queue for espintcp is full, esp_output_tail_tcp will
return an error and not free the skb, because with synchronous crypto,
the common xfrm output code will drop the packet for us.

With async crypto (esp_output_done), we need to drop the skb when
esp_output_tail_tcp returns an error.

Fixes: e27cca96cd68 ("xfrm: add espintcp (RFC 8229)")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

net/ipv4/esp4.c		diff \| blob \| history
net/ipv6/esp6.c		diff \| blob \| history