Re: Missing signoff in the ipsec tree

[Steffen Klassert]

On Tue, May 26, 2026 at 02:51:50PM +0100, Mark Brown wrote:
> Commit
> 
>   2982e599fff6f ("esp: fix page frag reference leak on skb_to_sgvec failure")
> 
> is missing a Signed-off-by from its author

The commit message looks like this:

commit 2982e599fff6faa21c8df147d96fc7af6c1a2f24
Author: e521588 <alessandro.schino@xxxxxx>
Date:   Wed May 20 09:27:17 2026 +0200

    esp: fix page frag reference leak on skb_to_sgvec failure
    
    In esp_output_tail(), when esp->inplace is false, the old skb page frags
    are replaced with a new page from the xfrm page_frag cache. The source
    scatterlist (sg) is built from the old frags before the replacement, and
    esp_ssg_unref() is responsible for releasing the old page references
    after the crypto operation completes.
    
    However, if the second skb_to_sgvec() call (which builds the destination
    scatterlist from the new page) fails, the code jumps to error_free which
    only calls kfree(tmp). The old page frag references captured in the
    source scatterlist are never released:
    
      1. sg[] is built from old frags via skb_to_sgvec() (no extra get_page)
      2. nr_frags is set to 1 and frag[0] is replaced with the new page
      3. Second skb_to_sgvec() fails -> goto error_free
      4. kfree(tmp) frees the sg[] memory but old frags are not unref'd
      5. kfree_skb() only releases frag[0] (the new page), not the old ones
    
    Fix this by adding a bool parameter to esp_ssg_unref() that, when true,
    unconditionally unrefs the source scatterlist frags without checking
    req->src and req->dst, since those fields are not yet initialized by
    aead_request_set_crypt() at the point of the error. Existing callers
    pass false to preserve the original behavior.
    
    The same issue exists in both esp4 and esp6 as the code is identical.
    
    Fixes: cac2661c53f3 ("esp4: Avoid skb_cow_data whenever possible")
    Fixes: 03e2a30f6a27 ("esp6: Avoid skb_cow_data whenever possible")
    
    Signed-off-by: Alessandro Schino <7991aleschino@xxxxxxxxx>
    Signed-off-by: Steffen Klassert <steffen.klassert@xxxxxxxxxxx>


So 'Author:' and 'Signed-off-by:' have different mail addresses,
but the person should be the same. I did not notice that when
I applied the patch. I hope it is not a problem.