Re: [PATCH net-next] ixgbe: Use memzero_explicit directly in crypto cases
On 2019/9/18 10:36, zhong jiang wrote: > In general, using kzfree() to replace memset() + kfree() is feasible and > reasonable. But it's btter to use memzero_explicit() to replace memset() > in crypto cases. s/btter/better/, will repost. Sorry for that. Thanks, zhong jiang > Signed-off-by: zhong jiang > --- > drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 9 ++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > > diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c > b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c > index 113f608..7e4f32f 100644 > --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c > +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c > @@ -960,9 +960,11 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, > u32 *msgbuf, u32 vf) > return 0; > > err_aead: > - kzfree(xs->aead); > + memzero_explicit(xs->aead, sizeof(*xs->aead)); > + kfree(xs->aead); > err_xs: > - kzfree(xs); > + memzero_explicit(xs, sizeof(*xs)); > + kfree(xs); > err_out: > msgbuf[1] = err; > return err; > @@ -1047,7 +1049,8 @@ int ixgbe_ipsec_vf_del_sa(struct ixgbe_adapter > *adapter, u32 *msgbuf, u32 vf) > ixgbe_ipsec_del_sa(xs); > > /* remove the xs that was made-up in the add request */ > - kzfree(xs); > + memzero_explicit(xs, sizeof(*xs)); > + kfree(xs); > > return 0; > }
[RESENT PATCH net-next] ixgbe: Use memzero_explicit directly in crypto cases
In general, using kzfree() to replace memset() + kfree() is feasible and reasonable. But it's better to use memzero_explicit() to replace memset() in crypto cases. Signed-off-by: zhong jiang --- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c index 113f608..7e4f32f 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c @@ -960,9 +960,11 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf) return 0; err_aead: - kzfree(xs->aead); + memzero_explicit(xs->aead, sizeof(*xs->aead)); + kfree(xs->aead); err_xs: - kzfree(xs); + memzero_explicit(xs, sizeof(*xs)); + kfree(xs); err_out: msgbuf[1] = err; return err; @@ -1047,7 +1049,8 @@ int ixgbe_ipsec_vf_del_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf) ixgbe_ipsec_del_sa(xs); /* remove the xs that was made-up in the add request */ - kzfree(xs); + memzero_explicit(xs, sizeof(*xs)); + kfree(xs); return 0; } -- 1.7.12.4
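Review bot: In the ixgbe_ipsec_vf_add_sa() error path (hunk @@ -960), memzero_explicit(xs->aead, sizeof(*xs->aead)) clears only the fixed-size part of the structure, whereas kzfree() cleared the whole allocation as reported by ksize(). The allocation of xs->aead is not visible in this hunk; if it is allocated with extra room for the key after the structure, the key bytes, which are the sensitive part, are no longer wiped before kfree(). Either pass the same length that was given to the allocator or keep kzfree() here. kzfree() also accepted a NULL pointer while memzero_explicit() does not, so every goto err_aead and goto err_xs has to be reached with a valid pointer.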
[PATCH net-next] ixgbe: Use memzero_explicit directly in crypto cases
In general, using kzfree() to replace memset() + kfree() is feasible and reasonable. But it's btter to use memzero_explicit() to replace memset() in crypto cases. Signed-off-by: zhong jiang --- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c index 113f608..7e4f32f 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c @@ -960,9 +960,11 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf) return 0; err_aead: - kzfree(xs->aead); + memzero_explicit(xs->aead, sizeof(*xs->aead)); + kfree(xs->aead); err_xs: - kzfree(xs); + memzero_explicit(xs, sizeof(*xs)); + kfree(xs); err_out: msgbuf[1] = err; return err; @@ -1047,7 +1049,8 @@ int ixgbe_ipsec_vf_del_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf) ixgbe_ipsec_del_sa(xs); /* remove the xs that was made-up in the add request */ - kzfree(xs); + memzero_explicit(xs, sizeof(*xs)); + kfree(xs); return 0; } -- 1.7.12.4
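Review bot: In ixgbe_ipsec_vf_del_sa() (hunk @@ -1047) the single kzfree(xs) becomes an open-coded memzero_explicit(xs, sizeof(*xs)) plus kfree(xs), the third copy of that pair in this patch, and the changelog does not say what kzfree() fails to do at these sites. Please state the concrete problem being fixed; if the concern is the compiler eliding the clear, fixing it once inside kzfree() would cover every caller, instead of repeating a pair at each site where the length argument can drift from the allocation size.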