On Mon, May 12, 2025 at 02:53:12PM+0200, Dawid Osuchowski wrote:
> Thanks for your patch.
>
> Please use the correct target iwl-net for fixes, iwl-next for features
> and others.
>
> Maybe add a tag? Fixes: 63a67fe229ea ("ixgbe: add ipsec offload add and
> remove SA")
>
> In the future when sending patches against Intel networking drivers
> please send them directly To: [email protected] and Cc:
> [email protected].
>
OK, I will resend the patch to the iwl-net branch and include the Fixes
tag. Before I do that, I noticed that in ixgbe_ipsec_add_sa() we clear
the Tx SA struct with memset 0 on key-parsing failure but do not clear
the Rx SA struct in the corresponding error path:
617 /* get the key and salt */
618 ret = ixgbe_ipsec_parse_proto_keys(xs, rsa.key, &rsa.salt);
619 if (ret) {
620 NL_SET_ERR_MSG_MOD(extack,
"Failed to get key data for Rx SA table");
621 return ret; /* <- no memzero_explicit() here */
622 }
...
728 if (ret) {
729 NL_SET_ERR_MSG_MOD(extack,
"Failed to get key data for Tx SA table");
730 memset(&tsa, 0, sizeof(tsa));
731 return ret; /* <- clears tsa on error */
732 }
Both paths return immediately on key-parsing failure, should I add a
memzero_explicit(&rsa, sizeof(rsa)) before Rx-SA's return or remove the
memset(&tsa, ...) in the Tx-SA path to keep them consistent?
Best Regards,
Zilin Guan
