| Message ID | 1568731462-46758-1-git-send-email-zhongjiang@huawei.com |
|---|---|
| State | Awaiting Upstream |
| Delegated to: | David Miller |
| Headers | show |
| Series | [RESENT,v2] ixgbe: Use memzero_explicit directly in crypto cases | expand |
On Tue, 17 Sep 2019 22:44:22 +0800, zhong jiang wrote: > It's better to use memzero_explicit() to replace memset() in crypto cases. > > Signed-off-by: zhong jiang <zhongjiang@huawei.com> Thank you for the follow up! Your previous patch to use kzfree() has been applied on its own merit, could you rebase this one on top of current net-next/master? > diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c > index 31629fc..7e4f32f 100644 > --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c > +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c > @@ -960,10 +960,10 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf) > return 0; > > err_aead: > - memset(xs->aead, 0, sizeof(*xs->aead)); > + memzero_explicit(xs->aead, sizeof(*xs->aead)); > kfree(xs->aead); > err_xs: > - memset(xs, 0, sizeof(*xs)); > + memzero_explicit(xs, sizeof(*xs)); > kfree(xs); > err_out: > msgbuf[1] = err; > @@ -1049,7 +1049,7 @@ int ixgbe_ipsec_vf_del_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf) > ixgbe_ipsec_del_sa(xs); > > /* remove the xs that was made-up in the add request */ > - memset(xs, 0, sizeof(*xs)); > + memzero_explicit(xs, sizeof(*xs)); > kfree(xs); > > return 0;
On 2019/9/18 2:11, Jakub Kicinski wrote: > On Tue, 17 Sep 2019 22:44:22 +0800, zhong jiang wrote: >> It's better to use memzero_explicit() to replace memset() in crypto cases. >> >> Signed-off-by: zhong jiang <zhongjiang@huawei.com> > Thank you for the follow up! Your previous patch to use kzfree() > has been applied on its own merit, could you rebase this one on top > of current net-next/master? I will do that. Thanks, zhong jiang >> diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c >> index 31629fc..7e4f32f 100644 >> --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c >> +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c >> @@ -960,10 +960,10 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf) >> return 0; >> >> err_aead: >> - memset(xs->aead, 0, sizeof(*xs->aead)); >> + memzero_explicit(xs->aead, sizeof(*xs->aead)); >> kfree(xs->aead); >> err_xs: >> - memset(xs, 0, sizeof(*xs)); >> + memzero_explicit(xs, sizeof(*xs)); >> kfree(xs); >> err_out: >> msgbuf[1] = err; >> @@ -1049,7 +1049,7 @@ int ixgbe_ipsec_vf_del_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf) >> ixgbe_ipsec_del_sa(xs); >> >> /* remove the xs that was made-up in the add request */ >> - memset(xs, 0, sizeof(*xs)); >> + memzero_explicit(xs, sizeof(*xs)); >> kfree(xs); >> >> return 0; > > . >
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c index 31629fc..7e4f32f 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c @@ -960,10 +960,10 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf) return 0; err_aead: - memset(xs->aead, 0, sizeof(*xs->aead)); + memzero_explicit(xs->aead, sizeof(*xs->aead)); kfree(xs->aead); err_xs: - memset(xs, 0, sizeof(*xs)); + memzero_explicit(xs, sizeof(*xs)); kfree(xs); err_out: msgbuf[1] = err; @@ -1049,7 +1049,7 @@ int ixgbe_ipsec_vf_del_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf) ixgbe_ipsec_del_sa(xs); /* remove the xs that was made-up in the add request */ - memset(xs, 0, sizeof(*xs)); + memzero_explicit(xs, sizeof(*xs)); kfree(xs); return 0;
It's better to use memzero_explicit() to replace memset() in crypto cases. Signed-off-by: zhong jiang <zhongjiang@huawei.com> --- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)