2 files changed, 7 insertions, 6 deletions
diff --git a/include/net/dst.h b/include/net/dst.h
index a8ae4e760778..0fb99a26e973 100644
--- a/include/net/dst.h
+++ b/include/net/dst.h
@@ -481,6 +481,7 @@ void dst_init(void);
 enum {
        XFRM_LOOKUP_ICMP = 1 << 0,
        XFRM_LOOKUP_QUEUE = 1 << 1,
+        XFRM_LOOKUP_KEEP_DST_REF = 1 << 2,
 };
 struct flowi;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index cee479bc655c..638af0655aaf 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -2269,11 +2269,9 @@ struct dst_entry *xfrm_lookup(struct net *net, struct dst_entry *dst_orig,
                 * have the xfrm_state's. We need to wait for KM to
                 * negotiate new SA's or bail out with error.*/
                if (net->xfrm.sysctl_larval_drop) {
-                        dst_release(dst);
-                        xfrm_pols_put(pols, drop_pols);
                        XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTNOSTATES);
+                        err = -EREMOTE;
-                        return ERR_PTR(-EREMOTE);
+                        goto error;
                }
                err = -EAGAIN;
@@ -2324,7 +2322,8 @@ nopol:
 error:
        dst_release(dst);
 dropdst:
-        dst_release(dst_orig);
+        if (!(flags & XFRM_LOOKUP_KEEP_DST_REF))
+                dst_release(dst_orig);
        xfrm_pols_put(pols, drop_pols);
        return ERR_PTR(err);
 }
@@ -2338,7 +2337,8 @@ struct dst_entry *xfrm_lookup_route(struct net *net, struct dst_entry *dst_orig,
                                    struct sock *sk, int flags)
 {
        struct dst_entry *dst = xfrm_lookup(net, dst_orig, fl, sk,
-                                            flags | XFRM_LOOKUP_QUEUE);
+                                            flags | XFRM_LOOKUP_QUEUE |
+                                            XFRM_LOOKUP_KEEP_DST_REF);
        if (IS_ERR(dst) && PTR_ERR(dst) == -EREMOTE)
                return make_blackhole(net, dst_orig->ops->family, dst_orig);

diff --git a/include/net/dst.h b/include/net/dst.h index a8ae4e760778..0fb99a26e973 100644 --- a/include/net/dst.h +++ b/include/net/dst.h
@@ -481,6 +481,7 @@ void dst_init(void);
481	enum {	481	enum {
482	XFRM_LOOKUP_ICMP = 1 << 0,	482	XFRM_LOOKUP_ICMP = 1 << 0,
483	XFRM_LOOKUP_QUEUE = 1 << 1,	483	XFRM_LOOKUP_QUEUE = 1 << 1,
		484	XFRM_LOOKUP_KEEP_DST_REF = 1 << 2,
484	};	485	};
485		486
486	struct flowi;	487	struct flowi;


diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index cee479bc655c..638af0655aaf 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c
@@ -2269,11 +2269,9 @@ struct dst_entry xfrm_lookup(struct net net, struct dst_entry *dst_orig,
2269	* have the xfrm_state's. We need to wait for KM to	2269	* have the xfrm_state's. We need to wait for KM to
2270	* negotiate new SA's or bail out with error.*/	2270	* negotiate new SA's or bail out with error.*/
2271	if (net->xfrm.sysctl_larval_drop) {	2271	if (net->xfrm.sysctl_larval_drop) {
2272	dst_release(dst);
2273	xfrm_pols_put(pols, drop_pols);
2274	XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTNOSTATES);	2272	XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTNOSTATES);
2275		2273	err = -EREMOTE;
2276	return ERR_PTR(-EREMOTE);	2274	goto error;
2277	}	2275	}
2278		2276
2279	err = -EAGAIN;	2277	err = -EAGAIN;
@@ -2324,7 +2322,8 @@ nopol:
2324	error:	2322	error:
2325	dst_release(dst);	2323	dst_release(dst);
2326	dropdst:	2324	dropdst:
2327	dst_release(dst_orig);	2325	if (!(flags & XFRM_LOOKUP_KEEP_DST_REF))
		2326	dst_release(dst_orig);
2328	xfrm_pols_put(pols, drop_pols);	2327	xfrm_pols_put(pols, drop_pols);
2329	return ERR_PTR(err);	2328	return ERR_PTR(err);
2330	}	2329	}
@@ -2338,7 +2337,8 @@ struct dst_entry xfrm_lookup_route(struct net net, struct dst_entry *dst_orig,
2338	struct sock *sk, int flags)	2337	struct sock *sk, int flags)
2339	{	2338	{
2340	struct dst_entry *dst = xfrm_lookup(net, dst_orig, fl, sk,	2339	struct dst_entry *dst = xfrm_lookup(net, dst_orig, fl, sk,
2341	flags \| XFRM_LOOKUP_QUEUE);	2340	flags \| XFRM_LOOKUP_QUEUE \|
		2341	XFRM_LOOKUP_KEEP_DST_REF);
2342		2342
2343	if (IS_ERR(dst) && PTR_ERR(dst) == -EREMOTE)	2343	if (IS_ERR(dst) && PTR_ERR(dst) == -EREMOTE)
2344	return make_blackhole(net, dst_orig->ops->family, dst_orig);	2344	return make_blackhole(net, dst_orig->ops->family, dst_orig);