It's better to use memset_explicit() to replace memset() in crypto cases.
Signed-off-by: zhong jiang <[email protected]>
---
drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
index 31629fc..7e4f32f 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
@@ -960,10 +960,10 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
return 0;
err_aead:
- memset(xs->aead, 0, sizeof(*xs->aead));
+ memzero_explicit(xs->aead, sizeof(*xs->aead));
kfree(xs->aead);
err_xs:
- memset(xs, 0, sizeof(*xs));
+ memzero_explicit(xs, sizeof(*xs));
kfree(xs);
err_out:
msgbuf[1] = err;
@@ -1049,7 +1049,7 @@ int ixgbe_ipsec_vf_del_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
ixgbe_ipsec_del_sa(xs);
/* remove the xs that was made-up in the add request */
- memset(xs, 0, sizeof(*xs));
+ memzero_explicit(xs, sizeof(*xs));
kfree(xs);
return 0;
--
1.7.12.4
Hello!
On 17.09.2019 6:45, zhong jiang wrote:
> It's better to use memset_explicit() to replace memset() in crypto cases.
But you're using memzero_explicit() below?
> Signed-off-by: zhong jiang <[email protected]>
> ---
> drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
> index 31629fc..7e4f32f 100644
> --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
> +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
> @@ -960,10 +960,10 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
> return 0;
>
> err_aead:
> - memset(xs->aead, 0, sizeof(*xs->aead));
> + memzero_explicit(xs->aead, sizeof(*xs->aead));
> kfree(xs->aead);
> err_xs:
> - memset(xs, 0, sizeof(*xs));
> + memzero_explicit(xs, sizeof(*xs));
> kfree(xs);
> err_out:
> msgbuf[1] = err;
> @@ -1049,7 +1049,7 @@ int ixgbe_ipsec_vf_del_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
> ixgbe_ipsec_del_sa(xs);
>
> /* remove the xs that was made-up in the add request */
> - memset(xs, 0, sizeof(*xs));
> + memzero_explicit(xs, sizeof(*xs));
> kfree(xs);
>
> return 0;
MBR, Sergei
On 2019/9/17 17:59, Sergei Shtylyov wrote:
> Hello!
>
> On 17.09.2019 6:45, zhong jiang wrote:
>
>> It's better to use memset_explicit() to replace memset() in crypto cases.
>
> But you're using memzero_explicit() below?
Sorry, stupid Oops. I will repost. Thank for your reminder.
Sincerely,
zhong jiang
>
>> Signed-off-by: zhong jiang <[email protected]>
>> ---
>> drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 6 +++---
>> 1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
>> index 31629fc..7e4f32f 100644
>> --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
>> +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
>> @@ -960,10 +960,10 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
>> return 0;
>> err_aead:
>> - memset(xs->aead, 0, sizeof(*xs->aead));
>> + memzero_explicit(xs->aead, sizeof(*xs->aead));
>> kfree(xs->aead);
>> err_xs:
>> - memset(xs, 0, sizeof(*xs));
>> + memzero_explicit(xs, sizeof(*xs));
>> kfree(xs);
>> err_out:
>> msgbuf[1] = err;
>> @@ -1049,7 +1049,7 @@ int ixgbe_ipsec_vf_del_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
>> ixgbe_ipsec_del_sa(xs);
>> /* remove the xs that was made-up in the add request */
>> - memset(xs, 0, sizeof(*xs));
>> + memzero_explicit(xs, sizeof(*xs));
>> kfree(xs);
>> return 0;
>
> MBR, Sergei
>
> .
>