It's better to use memzero_explicit() to replace memset() in crypto cases.
Signed-off-by: zhong jiang <[email protected]>
---
drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
index 31629fc..7e4f32f 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
@@ -960,10 +960,10 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
return 0;
err_aead:
- memset(xs->aead, 0, sizeof(*xs->aead));
+ memzero_explicit(xs->aead, sizeof(*xs->aead));
kfree(xs->aead);
err_xs:
- memset(xs, 0, sizeof(*xs));
+ memzero_explicit(xs, sizeof(*xs));
kfree(xs);
err_out:
msgbuf[1] = err;
@@ -1049,7 +1049,7 @@ int ixgbe_ipsec_vf_del_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
ixgbe_ipsec_del_sa(xs);
/* remove the xs that was made-up in the add request */
- memset(xs, 0, sizeof(*xs));
+ memzero_explicit(xs, sizeof(*xs));
kfree(xs);
return 0;
--
1.7.12.4
On Tue, 17 Sep 2019 22:44:22 +0800, zhong jiang wrote:
> It's better to use memzero_explicit() to replace memset() in crypto cases.
>
> Signed-off-by: zhong jiang <[email protected]>
Thank you for the follow up! Your previous patch to use kzfree()
has been applied on its own merit, could you rebase this one on top
of current net-next/master?
> diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
> index 31629fc..7e4f32f 100644
> --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
> +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
> @@ -960,10 +960,10 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
> return 0;
>
> err_aead:
> - memset(xs->aead, 0, sizeof(*xs->aead));
> + memzero_explicit(xs->aead, sizeof(*xs->aead));
> kfree(xs->aead);
> err_xs:
> - memset(xs, 0, sizeof(*xs));
> + memzero_explicit(xs, sizeof(*xs));
> kfree(xs);
> err_out:
> msgbuf[1] = err;
> @@ -1049,7 +1049,7 @@ int ixgbe_ipsec_vf_del_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
> ixgbe_ipsec_del_sa(xs);
>
> /* remove the xs that was made-up in the add request */
> - memset(xs, 0, sizeof(*xs));
> + memzero_explicit(xs, sizeof(*xs));
> kfree(xs);
>
> return 0;
On 2019/9/18 2:11, Jakub Kicinski wrote:
> On Tue, 17 Sep 2019 22:44:22 +0800, zhong jiang wrote:
>> It's better to use memzero_explicit() to replace memset() in crypto cases.
>>
>> Signed-off-by: zhong jiang <[email protected]>
> Thank you for the follow up! Your previous patch to use kzfree()
> has been applied on its own merit, could you rebase this one on top
> of current net-next/master?
I will do that.
Thanks,
zhong jiang
>> diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
>> index 31629fc..7e4f32f 100644
>> --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
>> +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
>> @@ -960,10 +960,10 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
>> return 0;
>>
>> err_aead:
>> - memset(xs->aead, 0, sizeof(*xs->aead));
>> + memzero_explicit(xs->aead, sizeof(*xs->aead));
>> kfree(xs->aead);
>> err_xs:
>> - memset(xs, 0, sizeof(*xs));
>> + memzero_explicit(xs, sizeof(*xs));
>> kfree(xs);
>> err_out:
>> msgbuf[1] = err;
>> @@ -1049,7 +1049,7 @@ int ixgbe_ipsec_vf_del_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
>> ixgbe_ipsec_del_sa(xs);
>>
>> /* remove the xs that was made-up in the add request */
>> - memset(xs, 0, sizeof(*xs));
>> + memzero_explicit(xs, sizeof(*xs));
>> kfree(xs);
>>
>> return 0;
>
> .
>